All Products
Search

This Product

    Key Management Service:ListSecrets

    Document Center

    Key Management Service:ListSecrets

    Last Updated:Oct 16, 2025

    Queries all secrets in the current region.

    Operation description

    • A Resource Access Management (RAM) user or RAM role must have the required permissions to call this operation. For more information, see Resource Access Management.

    • This operation returns the metadata of secrets, not their encrypted values.

    This topic provides an example of how to query secrets. In the example, PageNumber is set to 1 and PageSize is set to 2 to return two secrets.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    No authorization for this operation. If you encounter issues with this operation, contact technical support.

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    FetchTags

    string

    No

    Specifies whether to include the resource tags of the secrets in the response. Valid values:

    • true: The tags are included.

    • false (default): The tags are not included.

    false
    PageNumber

    integer

    No

    The page number.
    Valid values: greater than 0.
    Default value: 1.

    1
    PageSize

    integer

    No

    The number of entries per page.
    Valid values: 1 to 100.
    Default value: 10.

    2
    Filters

    string

    No

    The filter conditions for the secrets to query. The value consists of key-value pairs and can contain 0 to 10 pairs. If you filter resources by tag, a maximum of 4,000 resources can be returned. If the number of resources exceeds 4,000, call the ListResourceTags operation to perform the query.

    • Key

      • Description: The property to query.

      • Type: String.

    • Values

      • Description: The value of the property.

      • Type: String.

      • The value can contain 0 to 10 items.

    Valid values for Key:

    • If you set Key to SecretName, it indicates the secret name. Set Value to the actual secret name.

    • If you set Key to Description, it indicates the secret description. Set Value to the actual description.

    • If you set Key to TagKey, it indicates the tag key. Set Value to the actual tag key.

    • If you set Key to TagValue, it indicates the tag value. Set Value to the actual tag value.

    • If you set Key to DKMSInstanceId, it indicates the ID of the KMS instance. Set Value to the actual instance ID.

    • If you set Key to SecretType, it indicates the secret type. Set Value to Generic, Rds, Redis, RAMCredentials, ECS, or PolarDB.

    • If you set Key to Creator, it indicates the creator of the secret. Set Value to the actual creator.

    Multiple values for the same key are evaluated with a logical OR. For example, if you enter [ {"Key":"SecretName", "Values":["sec1","sec2"]} ], the semantics are: (SecretName=sec1 OR SecretName=sec2) .

    [{"Key":"SecretName", "Values":["Val1","Val2"]}]

    Response elements

    Element

    Type

    Description

    Example

    object

    PageNumber

    integer

    The page number.

    1
    PageSize

    integer

    The number of entries per page.

    2
    RequestId

    string

    The ID of the request. Alibaba Cloud generates a unique ID for each request. You can use this ID to troubleshoot issues.

    6a6287a0-ff34-4780-a790-fdfca900557f
    TotalCount

    integer

    The number of secrets in the list.

    55
    SecretList

    object

    Secret

    array<object>

    The list of secrets.

    array<object>

    SecretName

    string

    The name of the secret.

    secret001
    UpdateTime

    string

    The time when the secret was last updated.

    2024-07-17T07:59:05Z
    SecretType

    string

    The type of the secret. Valid values:

    • Generic: a generic secret.

    • Rds: an RDS secret.

    • Redis: a Redis or Tair secret.

    • RAMCredentials: a RAM secret.

    • ECS: an ECS secret.

    • PolarDB: a PolarDB secret.

    Generic
    PlannedDeleteTime

    string

    The scheduled deletion time.

    2024-08-17T07:59:05Z
    CreateTime

    string

    The time when the secret was created.

    2024-07-17T07:59:05Z
    Tags

    object

    Tag

    array<object>

    The resource tags of the secret. This parameter is not returned if FetchTags is set to false or is not specified.

    object

    The resource tags of the secret. This parameter is not returned if FetchTags is set to false or is not specified.

    TagValue

    string

    The tag value.

    val1
    TagKey

    string

    The tag key.

    key1
    OwingService

    string

    Examples

    Success response

    JSON format

    {
  "PageNumber": 1,
  "PageSize": 2,
  "RequestId": "6a6287a0-ff34-4780-a790-fdfca900557f",
  "TotalCount": 55,
  "SecretList": {
    "Secret": [
      {
        "SecretName": "secret001",
        "UpdateTime": "2024-07-17T07:59:05Z",
        "SecretType": "Generic",
        "PlannedDeleteTime": "2024-08-17T07:59:05Z",
        "CreateTime": "2024-07-17T07:59:05Z",
        "Tags": {
          "Tag": [
            {
              "TagValue": "val1",
              "TagKey": "key1"
            }
          ]
        },
        "OwingService": ""
      }
    ]
  }
}

    Error codes

    HTTP status code

    Error code

    Error message

    Description
    400 InvalidParameter some of the specified parameters "\" is not valid
    500 InternalFailure Internal Failure
    403 Forbidden.NoPermission This operation is forbidden by permission system
    404 Forbidden.ResourceNotFound Resource not found
    404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records.

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.