This topic describes how to use Key Management Service (KMS) to create a secret. KMS allows you to manage secrets in a centralized manner.


  1. Log on to the KMS console.
  2. In the top navigation bar, select the region where you want to create a secret.
  3. In the left-side navigation pane, click Secrets.
  4. Click Create Secret.
  5. In the Create Secret dialog box, set the Secret Type and corresponding parameters and click Next.
    • Managed Credential for RDS: Set the Secret name, Select RDS Instance, Set Secret Value, and Secret Description parameters.
    • Managed RAM secret: Set the Select RAM user, Set secret value, and Secret Description parameters.
    • Managed ECS secret: Set the Secret name, Managed instance, Managed User, Initial secret value, and Secret Description parameters.
    • Other secrets: Set the Secret name, Set Secret Value, Secret InitVersion, Secret Description, and Encryption Master Key parameters.
  6. In the Configuration rotation step, select Turn on automatic rotation, set the Rotation Period parameter, and then click Next.
    Note If you set the Secret Type parameter to Other secrets, you cannot enable automatic rotation in the KMS console. For more information about how to enable automatic rotation for generic secrets, see Rotate generic secrets.
  7. In the Review and confirm step, check the configuration of the secret and click OK.
    After the secret is created, you can view the details of the secret, such as the name, type, and creation time.