<p class="shortdesc"> After encrypting the key material, you need to upload it together with the import token. </p> <section class="section context" id="uploadencry__context_wbk_s45_jlb"><div class="tasklabel"><h2 class="doc-tairway">About this task</h2></div> <p class="p">You can import only one key material into a CMK. When you import a key material into a CMK, the key material is associated with that CMK. Later, if you want to re-import key material after it is deleted or expires, you can only import the same key material. No other key material can be imported. If you want to rotate a CMK that uses external key material, you need to create a new CMK and import new key material. </p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">Procedure</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">Log in to the <a class="xref" href="https://pinganyun.com/console/kms" target="_blank">Key Management Service Console </a>. </span> </li><li class="li step stepexpand"> <span class="ph cmd">In the left navigation pane, click <span class="ph menucascade"><span class="ph uicontrol">Keys </span><abbr title="and then"> > </abbr><span class="ph uicontrol">Customer managed keys</span></span>. </span> </li><li class="li step stepexpand"> <span class="ph cmd"> On the <span class="keyword wintitle">Customer management key </span>page, click the ID of the target CMK. </span> <div class="itemgroup info"> <div class="note note note_note"><span class="note__title">Note:</span> You can only import key material into a CMK in the <span class="ph uicontrol">Status </span>of <span class="ph uicontrol">PENDING_IMPORT</span>. </div> </div> </li><li class="li step stepexpand"> <span class="ph cmd">On the <span class="keyword wintitle">Key Detail </span>page, click <span class="ph uicontrol">Import Key’s Data </span>at the bottom. </span> <div class="itemgroup info"> <img class="image" id="uploadencry__image_bcr_y45_jlb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20200807112323-1bd975a89cf8.png" width="750"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">On the <span class="keyword wintitle">Import key files </span>page that opens, import the key material and import token. </span> <div class="itemgroup info"> <img class="image" id="uploadencry__image_t5x_gp5_jlb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20200807112323-1eea75189c5b.png"> <ul class="ul" id="uploadencry__ul_g4d_dp5_jlb"> <li class="li"><span class="ph uicontrol">Encrypt key files</span>: Click <span class="ph uicontrol">Select files </span>to select the key material that has been encrypted in the <a class="xref" href="https://pinganyun.com/ssr/help/manage/kms/Guide.keyimport.Encryptionkeymaterial" target="_blank">Encrypt Key Material </a>step. </li> <li class="li"><span class="ph uicontrol">Import Token</span>: Click <span class="ph uicontrol">Select files </span>to get the import token that has been generated in the <a class="xref" href="https://pinganyun.com/ssr/help/manage/kms/Guide.keyimport.getmaterial" target="_blank">Get Parameters for Import </a>step. </li> <li class="li"><span class="ph uicontrol">Expiry date of key files</span>: <ul class="ul" id="uploadencry__ul_m2k_dp5_jlb"> <li class="li"><span class="ph uicontrol">Never Expire</span>: The imported key material never expires. </li> <li class="li"><span class="ph uicontrol">Expiry Date</span>: You can specify an expiration time for the key material. The key material is valid for 24 hours by default. When the key material expires, KMS automatically deletes it within 24 hours. After the key material is deleted, the corresponding CMK is unusable. The status of the CMK becomes PENDING_IMPORT. You can reuse the CMK by reimporting the same key material. You are responsible for keeping a copy of your key material. </li> </ul></li> </ul> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Click <span class="ph uicontrol">Confirm</span>. </span> </li></ol></section>