diff --git a/src/application/datakey.rs b/src/application/datakey.rs
index aa84612de1462b0d480e451ee5542873c7c3a28b..695e7fe7cba9cbb41e84508ae4c05c70d8f1f85a 100644
--- a/src/application/datakey.rs
+++ b/src/application/datakey.rs
@@ -35,7 +35,7 @@ pub trait KeyService: Send + Sync{
     async fn create(&self, user: UserIdentity, data: &mut DataKey) -> Result<DataKey>;
     async fn import(&self, data: &mut DataKey) -> Result<DataKey>;
     async fn get_by_name(&self, name: &str) -> Result<DataKey>;
-    async fn get_all(&self, key_type: Option<KeyType>, visibility: Visibility) -> Result<Vec<DataKey>>;
+    async fn get_all(&self, key_type: Option<KeyType>, visibility: Visibility, user_id: i32) -> Result<Vec<DataKey>>;
     async fn get_one(&self, user: Option<UserIdentity>, id_or_name: String) -> Result<DataKey>;
     //get keys content
     async fn export_one(&self, user: Option<UserIdentity>, id_or_name: String) -> Result<DataKey>;
@@ -152,13 +152,13 @@ impl<R, S> DBKeyService<R, S>
             return Err(Error::UnprivilegedError);
         }
         if parent_key.visibility != data.visibility {
-            return Err(Error::ActionsNotAllowedError(format!("parent key '{}' visibility not equal to current datakey", parent_id)));
+            return Err(Error::ActionsNotAllowedError(format!("parent key '{}' visibility not equal to current datakey", parent_key.name)));
         }
         if parent_key.key_state != KeyState::Enabled {
-            return Err(Error::ActionsNotAllowedError(format!("parent key '{}' not in enable state", parent_id)));
+            return Err(Error::ActionsNotAllowedError(format!("parent key '{}' not in enable state", parent_key.name)));
         }
         if parent_key.expire_at < data.expire_at {
-            return Err(Error::ActionsNotAllowedError(format!("parent key '{}' expire time is less than child key", parent_id)));
+            return Err(Error::ActionsNotAllowedError(format!("parent key '{}' expire time is less than child key", parent_key.name)));
         }
         if data.key_type == X509ICA && parent_key.key_type != X509CA {
             return Err(Error::ActionsNotAllowedError("only CA key is allowed for creating ICA".to_string()));
@@ -207,8 +207,8 @@ where
         self.repository.get_by_name(name).await
     }
 
-    async fn get_all(&self, key_type: Option<KeyType>, visibility: Visibility) -> Result<Vec<DataKey>> {
-        self.repository.get_all_keys(key_type, visibility).await
+    async fn get_all(&self, key_type: Option<KeyType>, visibility: Visibility, user_id: i32) -> Result<Vec<DataKey>> {
+        self.repository.get_all_keys(key_type, visibility, user_id).await
     }
 
     async fn get_one(&self, user: Option<UserIdentity>,  id_or_name: String) -> Result<DataKey> {
diff --git a/src/domain/datakey/repository.rs b/src/domain/datakey/repository.rs
index 0ff797150b1258fca8a1801e9206c09c6ca7f64c..ae6fc34d943b061fae7c8f46965e0ba866ac5547 100644
--- a/src/domain/datakey/repository.rs
+++ b/src/domain/datakey/repository.rs
@@ -24,7 +24,7 @@ use crate::domain::datakey::entity::{KeyState, KeyType, RevokedKey, Visibility,
 pub trait Repository: Send + Sync {
     async fn create(&self, data_key: DataKey) -> Result<DataKey>;
     async fn delete(&self, id: i32) -> Result<()>;
-    async fn get_all_keys(&self, key_type: Option<KeyType>, visibility: Visibility) -> Result<Vec<DataKey>>;
+    async fn get_all_keys(&self, key_type: Option<KeyType>, visibility: Visibility, user_id: i32) -> Result<Vec<DataKey>>;
     async fn get_by_id(&self, id: i32) -> Result<DataKey>;
     async fn get_by_name(&self, name: &str) -> Result<DataKey>;
     async fn update_state(&self, id: i32, state: KeyState) -> Result<()>;
diff --git a/src/infra/database/model/datakey/repository.rs b/src/infra/database/model/datakey/repository.rs
index 61d5a3d38d80cd379f353696c9caffde784aa815..d135720062443834ee06cc6158cee3db0e4360fc 100644
--- a/src/infra/database/model/datakey/repository.rs
+++ b/src/infra/database/model/datakey/repository.rs
@@ -20,8 +20,6 @@ use crate::domain::datakey::entity::{DataKey, KeyState, KeyType, ParentKey, Revo
 use crate::domain::datakey::repository::Repository;
 use crate::util::error::{Result};
 use async_trait::async_trait;
-use std::boxed::Box;
-use actix_web::web::Data;
 use chrono::Duration;
 use chrono::Utc;
 use sqlx::{MySql, Transaction};
@@ -150,11 +148,12 @@ impl Repository for DataKeyRepository {
         Ok(())
     }
 
-    async fn get_all_keys(&self, key_type: Option<KeyType>, visibility: Visibility) -> Result<Vec<DataKey>> {
+    async fn get_all_keys(&self, key_type: Option<KeyType>, visibility: Visibility, user_id: i32) -> Result<Vec<DataKey>> {
         let dtos: Vec<DataKeyDTO> = match key_type {
             None => {
-                sqlx::query_as(
-                    "SELECT D.*, U.email AS user_email, GROUP_CONCAT(R.user_email) as request_delete_users, \
+                if visibility == Visibility::Public {
+                    sqlx::query_as(
+                        "SELECT D.*, U.email AS user_email, GROUP_CONCAT(R.user_email) as request_delete_users, \
             GROUP_CONCAT(K.user_email) as request_revoke_users \
             FROM data_key D \
             INNER JOIN user U ON D.user = U.id \
@@ -162,14 +161,31 @@ impl Repository for DataKeyRepository {
             LEFT JOIN pending_operation K ON D.id = K.key_id and K.request_type = 'revoke' \
             WHERE D.key_state != ? AND D.visibility = ? \
             GROUP BY D.id")
-                    .bind(KeyState::Deleted.to_string())
-                    .bind(visibility.to_string())
-                    .fetch_all(&self.db_pool)
-                    .await?
+                        .bind(KeyState::Deleted.to_string())
+                        .bind(visibility.to_string())
+                        .fetch_all(&self.db_pool)
+                        .await?
+                } else {
+                    sqlx::query_as(
+                        "SELECT D.*, U.email AS user_email, GROUP_CONCAT(R.user_email) as request_delete_users, \
+            GROUP_CONCAT(K.user_email) as request_revoke_users \
+            FROM data_key D \
+            INNER JOIN user U ON D.user = U.id \
+            LEFT JOIN pending_operation R ON D.id = R.key_id and R.request_type = 'delete' \
+            LEFT JOIN pending_operation K ON D.id = K.key_id and K.request_type = 'revoke' \
+            WHERE D.key_state != ? AND D.visibility = ? AND D.user = ? \
+            GROUP BY D.id")
+                        .bind(KeyState::Deleted.to_string())
+                        .bind(visibility.to_string())
+                        .bind(user_id)
+                        .fetch_all(&self.db_pool)
+                        .await?
+                }
             }
             Some(key_t) => {
-                sqlx::query_as(
-                    "SELECT D.*, U.email AS user_email, GROUP_CONCAT(R.user_email) as request_delete_users, \
+               if visibility == Visibility::Public {
+                   sqlx::query_as(
+                       "SELECT D.*, U.email AS user_email, GROUP_CONCAT(R.user_email) as request_delete_users, \
             GROUP_CONCAT(K.user_email) as request_revoke_users \
             FROM data_key D \
             INNER JOIN user U ON D.user = U.id \
@@ -178,11 +194,29 @@ impl Repository for DataKeyRepository {
             WHERE D.key_state != ? AND \
             D.key_type = ? AND D.visibility = ? \
             GROUP BY D.id")
-                    .bind(KeyState::Deleted.to_string())
-                    .bind(key_t.to_string())
-                    .bind(visibility.to_string())
-                    .fetch_all(&self.db_pool)
-                    .await?
+                       .bind(KeyState::Deleted.to_string())
+                       .bind(key_t.to_string())
+                       .bind(visibility.to_string())
+                       .fetch_all(&self.db_pool)
+                       .await?
+               } else {
+                   sqlx::query_as(
+                       "SELECT D.*, U.email AS user_email, GROUP_CONCAT(R.user_email) as request_delete_users, \
+            GROUP_CONCAT(K.user_email) as request_revoke_users \
+            FROM data_key D \
+            INNER JOIN user U ON D.user = U.id \
+            LEFT JOIN pending_operation R ON D.id = R.key_id and R.request_type = 'delete' \
+            LEFT JOIN pending_operation K ON D.id = K.key_id and K.request_type = 'revoke' \
+            WHERE D.key_state != ? AND \
+            D.key_type = ? AND D.visibility = ? AND D.user = ? \
+            GROUP BY D.id")
+                       .bind(KeyState::Deleted.to_string())
+                       .bind(key_t.to_string())
+                       .bind(visibility.to_string())
+                       .bind(user_id)
+                       .fetch_all(&self.db_pool)
+                       .await?
+               }
             }
         };
         let mut results = vec![];
diff --git a/src/infra/sign_plugin/x509.rs b/src/infra/sign_plugin/x509.rs
index 56f350bca3aa735e35a0e8caf4f63c52ba27afdf..8fb897bd12674fa9f144a84aa7494473819dc686 100644
--- a/src/infra/sign_plugin/x509.rs
+++ b/src/infra/sign_plugin/x509.rs
@@ -35,7 +35,7 @@ use openssl::x509::{X509Crl, X509Extension};
 use secstr::SecVec;
 use serde::Deserialize;
 use foreign_types_shared::{ForeignType, ForeignTypeRef};
-use openssl_sys::{X509_CRL_new, X509_CRL_set_issuer_name, X509_CRL_set1_lastUpdate, X509_CRL_add0_revoked, X509_CRL_sign, X509_CRL_set1_nextUpdate, X509_REVOKED_new, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509};
+use openssl_sys::{X509_CRL_new, X509_CRL_set_issuer_name, X509_CRL_set1_lastUpdate, X509_CRL_add0_revoked, X509_CRL_sign, X509_CRL_set1_nextUpdate, X509_REVOKED_new, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate};
 
 use validator::{Validate, ValidationError};
 use crate::util::options;
diff --git a/src/presentation/handler/control/datakey_handler.rs b/src/presentation/handler/control/datakey_handler.rs
index 268b836cd374c890c584d500124a51e2b051a987..9e3298be9969fe2013a305208f90a4dd34cda0e2 100644
--- a/src/presentation/handler/control/datakey_handler.rs
+++ b/src/presentation/handler/control/datakey_handler.rs
@@ -146,13 +146,13 @@ async fn create_data_key(user: UserIdentity, key_service: web::Data<dyn KeyServi
         (status = 500, description = "Server internal error", body = ErrorMessage)
     )
 )]
-async fn list_data_key(_user: UserIdentity, key_service: web::Data<dyn KeyService>, key: web::Query<ListKeyQuery>) -> Result<impl Responder, Error> {
+async fn list_data_key(user: UserIdentity, key_service: web::Data<dyn KeyService>, key: web::Query<ListKeyQuery>) -> Result<impl Responder, Error> {
     let key_type = match key.key_type {
         Some(ref k) => Some(KeyType::from_str(k)?),
         None => None,
     };
     let visibility = Visibility::from_parameter(key.visibility.clone())?;
-    let keys = key_service.into_inner().get_all(key_type, visibility).await?;
+    let keys = key_service.into_inner().get_all(key_type, visibility, user.id).await?;
     let mut results = vec![];
     for k in keys {
         results.push(DataKeyDTO::try_from(k)?)