Document Center

All Products

Document Center

Key Management Service:GetSecretValue

Last Updated:Sep 01, 2023

Queries a secret value by using a KMS Instance gateway.

Request parameters

Parameter	Type	Required	Example	Description
SecretName	string	Yes	secret001	The secret name.
VersionStage	String	No	ACSCurrent	The stage label that marks the secret version. If you specify this parameter, Secrets Manager returns the secret value of the version that is marked with the specified stage label. Default value: ACSCurrent. Note If you configure VersionStage and VersionId, the system checks whether the secret values that are specified by the parameters exist. If the secret values exist, the secret values are returned. If the secret values do not exist, a parameter error is returned.
VersionId	String	No	00000000000000000000000000000001	The version number. If you specify this parameter, Secrets Manager returns the secret value of the specified version. Note If you configure VersionStage and VersionId, the system checks whether the secret values that are specified by the parameters exist. If the secret values exist, the secret values are returned. If the secret values do not exist, a parameter error is returned.
FetchExtendedConfig	Boolean	No	false	Specifies whether to obtain the extended configuration of the secret. true (default) false

Response parameters

Parameter	Type	Example	Description
SecretName	String	secret001	The secret name.
SecretType	String	Generic	The type of the secret. Valid values: Generic: indicates a generic secret.
SecretData	String	testdata1	The secret value. Secrets Manager decrypts the ciphertext of the secret value and returns the plaintext of the secret value for this parameter.
SecretDataType	String	binary	The type of the secret value. Valid values: text binary
VersionId	String	00000000000000000000000000000001	The version number of the secret value.
VersionStages	List	[ "ACSCurrent" ]	The stage label that marks the secret version.
CreateTime	String	2020-02-21T15:39:26Z	The time when the secret was created.
RequestId	String	6a3e9c36-1150-4881-84d3-eb8672fcafad	The request ID.
LastRotationDate	String	2020-07-05T08:22:03Z	The time when the last rotation was performed.
NextRotationDate	String	2020-07-06T18:22:03Z	The time when the next rotation will be performed.
ExtendedConfig	String	{\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\", \"CustomData\":{} }	The extended configuration of the secret.
AutomaticRotation	String	Enabled	Specifies whether to enable automatic rotation. Valid values: Enabled: indicates that automatic rotation is enabled. Disabled: indicates that automatic rotation is disabled. Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret.
RotationInterval	String	604800s	The automatic rotation period. The value must be in the `integer[unit] format`. integer: indicates the length of time. [unit]: indicates the time unit. Valid values: s (seconds). For example, if the rotation period is seven days, this parameter is set to 604800s.

Error codes

HTTP status code	Error code	Error message	Description
404	Forbidden.ResourceNotFound	The resource does not exist in the system.	The secret does not exist.
409	Rejected.Disabled	The request was rejected because the key state is Disabled.	The key that is used to encrypt secrets is disabled.

For a list of error codes, see Service error codes.