Queries the metadata of a secret.
This operation returns the metadata of a secret. This operation does not return the secret value.
In this example, the metadata of the secret named secret001 is queried.
Debugging
Request parameters
|
Parameter |
Type |
Required |
Example |
Description |
| Action | String | Yes | DescribeSecret | The operation that you want to perform. Set the value to DescribeSecret. |
| SecretName | String | Yes | secret001 | The Alibaba Cloud Resource Name (ARN) of the secret or secret resource. Note When you access a secret within another Alibaba Cloud account, you must enter the ARN of the secret. The ARN is in the acs:kms:${region}:${account}:secret/${secret-name} format. |
| FetchTags | String | No | true | Specifies whether to return the resource tags of the secret. Valid value:
|
For more information about common request parameters, see Common parameters.
Response parameters
Parameter |
Type |
Example |
Description |
| UpdateTime | String | 2024-02-21T15:39:26Z | The time when the secret is updated. |
| CreateTime | String | 2024-02-21T15:39:26Z | The time when the secret is created. |
| NextRotationDate | String | 2024-07-06T18:22:03Z | The time when the next rotation is performed. Note This parameter is returned when automatic rotation is enabled. |
| EncryptionKeyId | String | key-hzz63ca8cbe3hefht**** | The ID of the key that is used to encrypt the secret value. |
| RotationInterval | String | 3153600s | The interval for automatic rotation. The value is in the Note This parameter is returned when automatic rotation is enabled. |
| Arn | String | acs:kms:cn-hangzhou:154035569884****:secret/secret001 | The ARN of the secret. |
| ExtendedConfig | String | {\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\", \"CustomData\":{} } | The extended configuration of the secret. Note The parameter is returned only for ApsaraDB RDS secrets, Resource Access Management (RAM) secrets, or Elastic Compute Service (ECS) secrets. |
| LastRotationDate | String | 2022-07-05T08:22:03Z | The time when the last rotation is performed. Note The parameter is returned if the secret is rotated. |
| RequestId | String | 93348dfb-3627-4417-8d90-487a76a909c9 | The ID of the request, which is used to locate and troubleshoot issues. |
| Description | String | userinfo | The description of the secret. |
| SecretName | String | secret001 | The secret name. |
| AutomaticRotation | String | Enabled | Specifies whether to enable automatic rotation. Valid values:
Note The parameter is returned only for ApsaraDB RDS secrets, RAM secrets, or ECS secrets. |
| SecretType | String | Rds | The type of the secret. Valid values:
|
| PlannedDeleteTime | String | 2025-03-21T15:45:12Z | The time when the secret is scheduled to be deleted. |
| DKMSInstanceId | String | kst-bjj62d8f5e0sgtx8h**** | The ID of the KMS instance. |
| Tags | Array of Tag | The resource tag of the secret. This parameter is not returned if you set FetchTags to false or you do not specify FetchTags. |
|
| Tag | |||
| TagValue | String | val1 | The tag value. |
| TagKey | String | key1 | The tag key. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=DescribeSecret
&SecretName=secret001
&FetchTags=true
&Common request parametersSample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<DescribeSecretResponse>
<UpdateTime>2024-02-21T15:39:26Z</UpdateTime>
<CreateTime>2024-02-21T15:39:26Z</CreateTime>
<NextRotationDate>2024-07-06T18:22:03Z</NextRotationDate>
<EncryptionKeyId>key-hzz63ca8cbe3hefht****</EncryptionKeyId>
<RotationInterval>3153600s</RotationInterval>
<Arn>acs:kms:cn-hangzhou:154035569884****:secret/secret001</Arn>
<ExtendedConfig>{\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\", \"CustomData\":{} }</ExtendedConfig>
<LastRotationDate>2022-07-05T08:22:03Z</LastRotationDate>
<RequestId>93348dfb-3627-4417-8d90-487a76a909c9</RequestId>
<Description>userinfo</Description>
<SecretName>secret001</SecretName>
<AutomaticRotation>Enabled</AutomaticRotation>
<SecretType>Rds</SecretType>
<PlannedDeleteTime>2025-03-21T15:45:12Z</PlannedDeleteTime>
<DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>
<Tags>
<TagValue>val1</TagValue>
<TagKey>key1</TagKey>
</Tags>
</DescribeSecretResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"UpdateTime" : "2024-02-21T15:39:26Z",
"CreateTime" : "2024-02-21T15:39:26Z",
"NextRotationDate" : "2024-07-06T18:22:03Z",
"EncryptionKeyId" : "key-hzz63ca8cbe3hefht****",
"RotationInterval" : "3153600s",
"Arn" : "acs:kms:cn-hangzhou:154035569884****:secret/secret001",
"ExtendedConfig" : "{\\\"SecretSubType\\\":\\\"SingleUser\\\", \\\"DBInstanceId\\\":\\\"rm-uf667446pc955****\\\", \\\"CustomData\\\":{} }",
"LastRotationDate" : "2022-07-05T08:22:03Z",
"RequestId" : "93348dfb-3627-4417-8d90-487a76a909c9",
"Description" : "userinfo",
"SecretName" : "secret001",
"AutomaticRotation" : "Enabled",
"SecretType" : "Rds",
"PlannedDeleteTime" : "2025-03-21T15:45:12Z",
"DKMSInstanceId" : "kst-bjj62d8f5e0sgtx8h****",
"Tags" : [ {
"TagValue" : "val1",
"TagKey" : "key1"
} ]
}Error codes
|
HTTP status code |
Error code |
Error message |
Description |
| 400 | IllegalTimestamp | The input parameter Timestamp that is mandatory for processing this request is not supplied. | The input parameter timestamp indicates that the request is outside the processing time range. |
| 400 | InvalidParameter | The specified parameter is not valid. | The error message returned because an invalid value is specified for the parameter. |
| 403 | Forbidden.NoPermission | You are not authorized to perform the operation. | The error message returned because you are not authorized to perform the operation. |
For a list of error codes, see Service error codes.