All Products
Search

This Product

    Key Management Service:RotateSecret

    Document Center

    Key Management Service:RotateSecret

    Last Updated:Mar 12, 2026

    Immediately rotates a secret.

    Operation description

    Limits:

    • A secret of each Alibaba Cloud account can be rotated for a maximum of 50 times per hour.

    • The RotateSecret operation is unavailable for standard secrets.

    In this example, the RdsSecret/Mysql5.4/MyCred secret is manually rotated, and the version number of the secret is set to 000000123 after the secret is rotated.

    For more information about the access policy required by a RAM user or RAM role to call this API, see Resource Access Management.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    No authorization for this operation. If you encounter issues with this operation, contact technical support.

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    SecretName

    string

    Yes

    The name of the secret.

    RdsSecret/Mysql5.4/MyCred
    VersionId

    string

    Yes

    The version number of the secret after the secret is rotated.

    Note

    The version number is used to ensure the idempotence of the request. Secrets Manager uses this version number to prevent your application from creating the same version of the secret when the application retries a request. If a version number already exists, Secrets Manager ignores the request for rotation and returns a success message.

    000000123

    Response elements

    Element

    Type

    Description

    Example

    object

    VersionId

    string

    The version number of the secret after the secret is rotated.

    000000123
    SecretName

    string

    The name of the secret.

    RdsSecret/Mysql5.4/MyCred
    RequestId

    string

    The request ID.

    10257c86-269d-43aa-aaf3-90ed4144bb7c
    Arn

    string

    The Alibaba Cloud Resource Name (ARN) of the secret.

    acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred

    Examples

    Success response

    JSON format

    {
  "VersionId": "000000123",
  "SecretName": "RdsSecret/Mysql5.4/MyCred",
  "RequestId": "10257c86-269d-43aa-aaf3-90ed4144bb7c",
  "Arn": "acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred"
}

    Error codes

    HTTP status code

    Error code

    Error message

    Description
    400 InvalidParameter The specified parameter is not valid. An invalid value is specified for the parameter.
    404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records.

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.