All Products
Search

This Product

    Serverless App Engine:Distributed configuration management (ACM)

    Document Center

    Serverless App Engine:Distributed configuration management (ACM)

    Last Updated:Mar 27, 2026

    Applications can dynamically retrieve configurations from a configuration center, reducing maintenance costs. SAE integrates distributed configuration management (ACM) to provide dynamic configuration updates, environment separation, version control, data encryption, and fine-grained permission control.

    The standalone distributed configuration management (ACM) service has been discontinued, but the ACM service integrated into SAE remains available. For more comprehensive services and improved security and stability, we recommend that you migrate from ACM to MSE Nacos and then use the Nacos registry center of MSE.

    This topic does not apply to creating configuration items for a container runtime environment. For more information, see Manage and use configuration items (K8s ConfigMap).

    Create configurations

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page, click Configuration List, and then click Create Configuration. To ensure your application can retrieve the configuration, you must also integrate distributed configuration management (ACM) into your application.

    Parameters

    Parameter

    Description

    Data ID

    The unique identifier for the configuration. Use a naming convention similar to package.class (for example, com.taobao.tc.refund.log.level) to ensure global uniqueness. We recommend defining the class part based on the business context of the configuration.

    Group

    The configuration group. We recommend that you specify a product or module name. This group name must be globally unique.

    Data encryption

    Enables encryption for the configuration data. We recommend using this feature for sensitive data to reduce the risk of data leaks.

    Important

    ACM's data encryption feature requires KMS. Therefore, before using this feature, you must activate KMS and authorize ACM to use it for encryption and decryption. The Data ID of any encrypted configuration starts with cipher-. For more information, see Create an encrypted configuration.

    Configuration format

    Select the configuration format. SAE validates the data based on the format you select. The default format is TEXT.

    Configuration content

    The content of the configuration. The content should be no larger than 10 KB and must not exceed 100 KB.

    Configuration description

    A description of the configuration.

    More configurations

    Application

    The name of the application to which the configuration belongs.

    Tags

    Tags to associate with the configuration. Tags help you manage configurations by dimension. You can add up to five tags. Each tag can be up to 64 characters long.

    Integrate ACM into applications

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page, click Configuration List, and then click the target Data ID to go to the configuration details page. Click sample code and select a programming language.

    Use the sample code to integrate distributed configuration management (ACM) into your application. For more information, see ACM SDK.

    View configuration content

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page, click Configuration List, and then click the target Data ID to go to the configuration details page. Click Configuration Content.

    Export configurations

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page. In the Configuration List, select the target configurations, click Export at the bottom of the page, and then click Export in the dialog box that appears to confirm. The configurations are exported as a ZIP package.

    Import configurations

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page. In the Configuration List, click Import Configuration, and then click Upload File. The imported configuration file must be a ZIP package.

    Query and roll back historical versions

    You can query the historical versions of a configuration and roll back if an update fails.

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page, click Configuration List, and then click the target Data ID to go to the configuration details page. Click Historical versions. In the Actions column of the target historical version, click View or Rollback.

    Query push status

    You can check whether a configuration has been pushed to the applications that are listening for it.

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page, click Configuration List, and then click the target Data ID to go to the configuration details page. Click Listener Query, and then check the push status.

    Query push track

    You can query the push track of a configuration to troubleshoot issues, such as a configuration update that failed to take effect.

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page, click Configuration List, and then click the target Data ID to go to the configuration details page. Click Push Track, and then query the push track.

    Create encrypted configurations

    Encrypted configurations secure sensitive information, such as data sources, tokens, usernames, and passwords, reducing the risk of data leaks.

    Prerequisites

    1. Purchase a dedicated KMS instance.

    2. Authorize ACM to use KMS.

    3. Grant permissions to a RAM user: AliyunACMFullAccess, AliyunKMSCryptoAdminAccess.

    4. Create an AccessKey for a RAM user, and then perform operations as the RAM user. Only AccessKeys for RAM users are supported. ACM-specific AccessKeys are not supported.

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page, click Configuration List, and then click Create Configuration. Enable Data encryption and select an encryption method.

    Parameters

    Parameter

    Description

    Encryption method

    • KMS AES-128 Encryption (Recommended): Uses the envelope encryption method of KMS. The data size cannot exceed 100 KB. This method provides higher security because plaintext data is not transmitted to the KMS system. This method is recommended.

    • KMS Encryption: Directly calls KMS to encrypt the configuration. The data size should be 4 KB or less, and must not exceed 6 KB. Using special characters, such as &, may cause decryption errors. This method is not recommended.

    Integrate encrypted ACM configurations in applications

    On the SAE distributed configuration management (ACM) page, select the target region and namespace at the top of the page, click Configuration List, and then click the target Data ID to go to the configuration details page. Click sample code and select a programming language.

    You need to configure the AccessKey/SecretKey of a RAM user in your application to decrypt data. The Java and Python SDKs have integrated the KMS SDK, and you can add a decryption filter to automatically decrypt data. For decryption in other languages, see Decrypt.