CreateSecret - Serverless App Engine - Alibaba Cloud Documentation Center

Creates a Secret in a namespace.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- For mandatory resource types, indicate with a prefix of * .
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
sae:CreateSecret		All Resources ``	none	none

Request syntax

POST /pop/v1/sam/secret/secret HTTP/1.1

Request parameters

Parameter	Type	Required	Description	Example
NamespaceId	string	Yes	The ID of the namespace where the Secret resides. If the namespace is the default namespace, you need to only enter the region ID, such as `cn-beijing`.	cn-beijing:test
SecretName	string	Yes	The Secret name. The name can contain digits, letters, and underscores (_). The name must start with a letter.	registry-auth-acree
SecretType	string	Yes	The supported Secret type. Valid values: kubernetes.io/dockerconfigjson: the Secret for the username and password of the image repository. The Secret is used for authentication when images are pulled during application deployment. Valid values: Opaque kubernetes.io/dockerconfigjson kubernetes.io/tls	kubernetes.io/dockerconfigjson
SecretData	object	Yes	The Secret data.
SecretData	string	Yes	The information about the key-value pairs of the Secret. This parameter is required. The following formats are supported: {"Data":"{"k1":"v1", "k2":"v2"}"} k specifies a key and v specifies a value.	{".dockerconfigjson":"eyJhdXRocyI6eyJyZWdpc3RyeS12cGMuY24tYmVpamluZy5hbGl5dW5jcy5jb20iOnsidXNlcm5hbWUiOiJ1c2VybmFtZSIsInBhc3N3b3JkIjoicGFzc3dvcmQiLCJhdXRoIjoiZFhObGNtNWhiV1U2Y0dGemMzZHZjbVE9In0sInJlZ2lzdHJ5LmNuLWJlaWppbmcuYWxpeXVuY3MuY29tIjp7InVzZXJuYW1lIjoidXNlcm5hbWUiLCJwYXNzd29yZCI6InBhc3N3b3JkIiwiYXV0aCI6ImRYTmxjbTVoYldVNmNHRnpjM2R2Y21RPSJ9fX0="}

Example 1: Use a username and password to pull an image from Container Registry over an internal network across accounts

Enter both the public and internal domain names.
Configure the username, password, and auth fields to prevent authentication failures. The format of auth is base64Encode($username:$password).

The following code describes the default formats of the field values:

SecretData[".dockerconfigjson"]=base64Encode(
{
  "auths": {
    "registry-vpc.cn-beijing.aliyuncs.com": {  // $internal domain name
      "username": "username",
      "password": "password",
      "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="
    },
    "registry.cn-beijing.aliyuncs.com": {     // $public domain name      "username": "username",                 // $username
      "password": "password",                 // $password
      "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="      // base64Encode($username:$password)
    }
  }
} )

Response parameters

Parameter	Type	Description	Example
	object	The queried polices.
RequestId	string	The request ID.	91F93257-7A4A-4BD3-9A7E-2F6EAE6D****
Message	string	The message returned for the operation.	success
TraceId	string	The ID of the trace. The ID is used to query the details of a request.	0a98a02315955564772843261e****
Data	object	The returned result.
SecretId	long	The ID of the created Secret.	16
ErrorCode	string	The status code. Value values: If the request was successful, ErrorCode is not returned. If the request failed, ErrorCode is returned. For more information, see Error codes in this topic.	400
Code	string	The HTTP status code or the error code. Valid values: 2xx: The request was successful. 3xx: The request was redirected. 4xx: The request failed. 5xx: A server error occurred.	200
Success	boolean	Indicates whether the Secret was created. Valid values: true: The ConfigMap was created. false: The ConfigMap failed to be created.	true

Examples

Sample success responses

JSONformat

{
  "RequestId": "91F93257-7A4A-4BD3-9A7E-2F6EAE6D****",
  "Message": "success",
  "TraceId": "0a98a02315955564772843261e****",
  "Data": {
    "SecretId": 16
  },
  "ErrorCode": 400,
  "Code": 200,
  "Success": true
}

Error codes

HTTP status code	Error code	Error message	Description
400	InvalidParameter.NotEmpty	You must specify the parameter %s.	-
400	InvalidParameter.Obviously	The specified parameter is invalid {%s}.	-
400	InvalidParameter.WithMessage	The parameter is invalid {%s}: %s	-
400	SecretNameConflict.AlreadyExist	The specified SecretName [%s] already exist in this namespace.	-
400	QuotaExceeded.SecretInNamespace	The specified secret exceeded quota [%s].	-
400	QuotaExceeded.SecretDataKey	The specified key in SecretData exceeded quota [%s].	-
400	InvalidSecretType.NotAvailable	The specified SecretType [%s] is not supported.	-
400	InvalidSecretDataKey.NotFound	The specified Key [%s] does not exist in the specified Secret [%s].	-
404	InvalidNamespaceId.NotFound	The specified NamespaceId does not exist.	-
500	OperationFailed.RPCError	Internal RPC request processing error.	Internal RPC request processing error.

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2023-05-24	The Error code has changed	View Change Details