DescribeSecret - Key Management Service - Alibaba Cloud Documentation Center

Queries the metadata of a secret.

Operation description

This operation returns the metadata of a secret. This operation does not return the secret value.

In this example, the metadata of the secret named secret001 is queried.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
SecretName	string	Yes	The name of the secret.	secret001
FetchTags	string	No	Specifies whether to return the resource tags of the secret. Valid values: true: The resource tags are returned. false: The resource tags are not returned. This is the default value.	true

For more information about common request parameters, see Common parameters.

Response parameters

Parameter	Type	Description	Example
	object
UpdateTime	string	The time when the secret was updated.	2022-02-21T15:39:26Z
CreateTime	string	The time when the secret was created.	2022-02-21T15:39:26Z
NextRotationDate	string	The time when the next rotation will be performed. Note This parameter is returned when automatic rotation is enabled.	2022-07-06T18:22:03Z
EncryptionKeyId	string	The ID of the customer master key (CMK) that is used to encrypt the secret value.	00aa68af-2c02-4f68-95fe-3435d330****
RotationInterval	string	The interval for automatic rotation. The value is in the `integer[unit]` format. `integer` indicates the length of time. `unit`: indicates the time unit. The value of `unit` is fixed as s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval. Note This parameter is returned when automatic rotation is enabled.	3153600s
Arn	string	The Alibaba Cloud Resource Name (ARN) of the secret.	acs:kms:cn-hangzhou:154035569884****:secret/secret001
ExtendedConfig	string	The extended configuration of the secret. Note This parameter is returned only for a managed ApsaraDB RDS secret, a managed Resource Access Management (RAM) secret, or a managed Elastic Compute Service (ECS) secret.	{\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\", \"CustomData\":{} }
LastRotationDate	string	The time when the last rotation was performed. Note This parameter is returned if the secret was rotated.	2022-07-05T08:22:03Z
RequestId	string	The ID of the request, which is used to locate and troubleshoot issues.	93348dfb-3627-4417-8d90-487a76a909c9
Description	string	The description of the secret.	userinfo
SecretName	string	The name of the secret.	secret001
AutomaticRotation	string	Indicates whether automatic rotation is enabled. Valid values: Enabled: indicates that automatic rotation is enabled. Disabled: indicates that automatic rotation is disabled. Invalid: indicates that the status of automatic rotation is abnormal. In this case, Secrets Manager cannot automatically rotate the secret. Note This parameter is returned only for a managed ApsaraDB RDS secret, a managed RAM secret, or a managed ECS secret.	Enabled
SecretType	string	The type of the secret. Valid values: Generic: indicates a generic secret. Rds: indicates a managed ApsaraDB RDS secret. RAMCredentials: indicates a managed RAM secret. ECS: indicates a managed ECS secret.	Rds
PlannedDeleteTime	string	The time when the secret is scheduled to be deleted.	2022-03-21T15:45:12Z
DKMSInstanceId	string	The ID of the dedicated KMS instance.	kst-bjj62d8f5e0sgtx8h****
Tags	array<object>	The resource tags of the secret. This parameter is not returned if you set the FetchTags parameter to false or you do not specify the FetchTags parameter.
Tag	object
TagValue	string	The tag value.	val1
TagKey	string	The tag key.	key1

Examples

Sample success responses

JSONformat

{
  "UpdateTime": "2022-02-21T15:39:26Z",
  "CreateTime": "2022-02-21T15:39:26Z",
  "NextRotationDate": "2022-07-06T18:22:03Z",
  "EncryptionKeyId": "00aa68af-2c02-4f68-95fe-3435d330****",
  "RotationInterval": "3153600s",
  "Arn": "acs:kms:cn-hangzhou:154035569884****:secret/secret001",
  "ExtendedConfig": "{\\\"SecretSubType\\\":\\\"SingleUser\\\", \\\"DBInstanceId\\\":\\\"rm-uf667446pc955****\\\",  \\\"CustomData\\\":{} }",
  "LastRotationDate": "2022-07-05T08:22:03Z",
  "RequestId": "93348dfb-3627-4417-8d90-487a76a909c9",
  "Description": "userinfo",
  "SecretName": "secret001",
  "AutomaticRotation": "Enabled",
  "SecretType": "Rds",
  "PlannedDeleteTime": "2022-03-21T15:45:12Z",
  "DKMSInstanceId": "kst-bjj62d8f5e0sgtx8h****",
  "Tags": {
    "Tag": [
      {
        "TagValue": "val1",
        "TagKey": "key1"
      }
    ]
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidParameter	some of the specified parameters "\" is not valid	-
400	IllegalTimestamp	The input parameter Timestamp that is mandatory for processing this request is not supplied.	The input parameter timestamp indicates that the request is outside the processing time range.
403	Forbidden.NoPermission	This operation is forbidden by permission system	-
404	Forbidden.ResourceNotFound	Resource not found	-
404	InvalidAccessKeyId.NotFound	The Access Key ID provided does not exist in our records.	-
500	InternalFailure	Internal Failure	-

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2023-03-08	The Error code has changed	View Change Details