Documentation Index
Fetch the complete documentation index at: https://docs.phala.com/llms.txt
Use this file to discover all available pages before exploring further.
KMS (Key Management Service) methods let you query the key management infrastructure used to encrypt CVM environment variables and manage on-chain app contracts. Most applications use the default "phala" KMS type, but the SDK supports querying any available KMS.
GetKMSList
GET /kms
Returns a paginated list of all available KMS servers.
func (c *Client) GetKMSList(ctx context.Context) (*GetKMSListResponse, error)
*GetKMSListResponse — a Paginated[KMSInfo] containing:
| Field | Type | Description |
|---|
Items | []KMSInfo | List of KMS servers |
Total | int | Total count |
Page | int | Current page |
PageSize | int | Items per page |
Pages | int | Total pages |
KMSInfo contains:
| Field | Type | Description |
|---|
ID | string | KMS identifier |
Slug | *string | URL-friendly slug |
URL | string | KMS server URL |
Version | string | KMS version |
ChainID | *int | Blockchain chain ID (for on-chain KMS) |
KMSContractAddress | *string | On-chain KMS contract address |
kmsList, err := client.GetKMSList(ctx)
if err != nil {
log.Fatal(err)
}
for _, kms := range kmsList.Items {
fmt.Printf("KMS: %s (version: %s)\n", kms.ID, kms.Version)
}
GetKMSInfo
GET /kms/{kmsId}
Returns detailed information about a specific KMS server.
func (c *Client) GetKMSInfo(ctx context.Context, kmsID string) (*KMSInfo, error)
| Field | Type | Required | Description |
|---|
kmsID | string | Yes | KMS identifier |
*KMSInfo
kms, err := client.GetKMSInfo(ctx, "phala")
if err != nil {
log.Fatal(err)
}
fmt.Printf("KMS URL: %s\n", kms.URL)
GetAppEnvEncryptPubKey
GET /kms/{kmsType}/pubkey/{appId}
Returns the public key used to encrypt environment variables for a specific app. You need this key to encrypt env vars before passing them to UpdateCVMEnvs or CommitCVMProvision.
func (c *Client) GetAppEnvEncryptPubKey(ctx context.Context, kmsType, appID string) (*AppEnvPubKeyResponse, error)
| Field | Type | Required | Description |
|---|
kmsType | string | Yes | KMS type (e.g., "phala") |
appID | string | Yes | Application identifier |
*AppEnvPubKeyResponse (generic map containing the public key)
pubkey, err := client.GetAppEnvEncryptPubKey(ctx, "phala", "app-abc123")
if err != nil {
log.Fatal(err)
}
The encryption public key is specific to each app and KMS combination. Always fetch a fresh key before encrypting environment variables.
GetKMSOnChainDetail
GET /kms/on-chain/{chain}
Returns on-chain details for a KMS on a specific blockchain, including contract addresses, registered devices, and OS images.
func (c *Client) GetKMSOnChainDetail(ctx context.Context, chain string) (*KMSOnChainDetail, error)
| Field | Type | Required | Description |
|---|
chain | string | Yes | Chain name (e.g., "base") |
*KMSOnChainDetail containing:
| Field | Type | Description |
|---|
ChainName | string | Blockchain name |
ChainID | int | Blockchain chain ID |
Contracts | []OnChainKMSContract | List of KMS contracts with devices and OS images |
detail, err := client.GetKMSOnChainDetail(ctx, "base")
if err != nil {
log.Fatal(err)
}
fmt.Printf("Chain: %s (ID: %d), Contracts: %d\n", detail.ChainName, detail.ChainID, len(detail.Contracts))
NextAppIDs
GET /kms/phala/next_app_id
Returns the next available app IDs for provisioning. Useful when you need to reserve an app ID before deployment.
func (c *Client) NextAppIDs(ctx context.Context) (*NextAppIDsResponse, error)
*NextAppIDsResponse (generic map)
nextIDs, err := client.NextAppIDs(ctx)
if err != nil {
log.Fatal(err)
}
