Obtains the metadata of a secret.

This operation returns the metadata information about a secret. This operation does not return the encrypted secret value.

In this example, the metadata of the secret named secret001 is queried.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeSecret

The operation that you want to perform. Set the value to DescribeSecret.

SecretName String Yes secret001

The name of the secret.

FetchTags String No true

Specifies whether to return the resource tags of the secret. Valid values:

  • true: The resource tags are returned.
  • false: The resource tags are not returned. This is the default value.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
Arn String acs:kms:cn-hangzhou:154035569884****:secret/secret001

The Alibaba Cloud Resource Name (ARN) of the secret.

AutomaticRotation String Enabled

Indicates whether automatic rotation is enabled. Valid values:

  • Enabled: indicates that automatic rotation is enabled.
  • Disabled: indicates that automatic rotation is disabled.
  • Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.
Note This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.
CreateTime String 2020-02-21T15:39:26Z

The time when the secret was created.

Description String userinfo

The description of the secret.

EncryptionKeyId String 00aa68af-2c02-4f68-95fe-3435d330****

The ID of the customer master key (CMK) that is used to encrypt the secret value.

ExtendedConfig String {\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\", \"CustomData\":{} }

The extended configuration of the secret.

Note This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.
LastRotationDate String 2020-07-05T08:22:03Z

The time when the last rotation was performed.

Note This parameter is returned if the secret was rotated.
NextRotationDate String 2020-07-06T18:22:03Z

The time when the next rotation will be performed.

Note This parameter is returned if automatic rotation is enabled.
PlannedDeleteTime String 2020-03-21T15:45:12Z

The time when the secret is scheduled to be deleted.

RequestId String 93348dfb-3627-4417-8d90-487a76a909c9

The ID of the request.

RotationInterval String 3153600s

The interval for automatic rotation.

The value is in the integer[unit] format. The unit field has a fixed value of s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.

Note This parameter is returned if automatic rotation is enabled.
SecretName String secret001

The name of the secret.

SecretType String Rds

The type of the secret. Valid values:

  • Generic: indicates a generic secret.
  • Rds: indicates a managed ApsaraDB RDS secret.
  • RAMCredentials: indicates a managed RAM secret.
  • ECS: indicates a managed ECS secret.
Tags Array of Tag

The resource tags of the secret.

This parameter is not returned if you set the FetchTags parameter to false or does not specify the FetchTags parameter.

Tag
TagKey String key1

The key of the tag.

TagValue String val1

The value of the tag.

UpdateTime String 2020-02-21T15:39:26Z

The time when the secret was updated.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeSecret
&SecretName=secret001
&<Common request parameters>

Sample success responses

XML format

<KMS>
      <Arn>acs:kms:cn-hangzhou:154035569884****:secret/secret001</Arn>
      <SecretName>secret001</SecretName>
      <Description>userinfo</Description>
      <CreateTime>2021-01-08T10:50:05Z</CreateTime>
      <UpdateTime>2021-01-08T10:50:05Z</UpdateTime>
      <RequestId>93f84812-66d2-467a-9aec-61f6f53919dc</RequestId>
      <SecretType>Rds</SecretType>
      <AutomaticRotation>Disabled</AutomaticRotation>
      <ExtendedConfig>{"SecretSubType":"SingleUser", "DBInstanceId":"rm-uf667446pc955****",  "CustomData":{} }</ExtendedConfig>
</KMS>

JSON format

{
    "Arn": "acs:kms:cn-hangzhou:154035569884****:secret/secret001",
    "SecretName": "secret001",
    "Description": "userinfo",
    "CreateTime": "2021-01-08T10:50:05Z",
    "UpdateTime": "2021-01-08T10:50:05Z",
    "RequestId": "93f84812-66d2-467a-9aec-61f6f53919dc",
    "SecretType": "Rds",
    "AutomaticRotation": "Disabled",
    "ExtendedConfig": "{\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\",  \"CustomData\":{} }"
}

Error codes

For a list of error codes, visit the API Error Center.