
Key Management Service: DescribeSecret

Last Updated: May 16, 2024

Queries the metadata of a secret.

This operation returns the metadata of a secret. This operation does not return the secret value.

In this example, the metadata of the secret named secret001 is queried.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description

Action String Yes DescribeSecret

The operation that you want to perform. Set the value to DescribeSecret.

SecretName String Yes secret001

The name or Alibaba Cloud Resource Name (ARN) of the secret.

Note: When you access a secret within another Alibaba Cloud account, you must enter the ARN of the secret. The ARN is in the acs:kms:${region}:${account}:secret/${secret-name} format.

FetchTags String No true

Specifies whether to return the resource tags of the secret. Valid values:

  • true: The resource tags are returned.
  • false: The resource tags are not returned. This is the default value.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description

UpdateTime String 2024-02-21T15:39:26Z

The time when the secret was last updated.

CreateTime String 2024-02-21T15:39:26Z

The time when the secret was created.

NextRotationDate String 2024-07-06T18:22:03Z

The time when the next rotation will be performed.

Note: This parameter is returned when automatic rotation is enabled.

EncryptionKeyId String key-hzz63ca8cbe3hefht****

The ID of the key that is used to encrypt the secret value.

RotationInterval String 3153600s

The interval for automatic rotation.

The value is in the integer[unit] format. integer indicates the length of time. unit indicates the time unit. The unit field has a fixed value of s. For example, if the value is 604800s, automatic rotation is performed at a 7-day interval.

Note: This parameter is returned when automatic rotation is enabled.

Arn String acs:kms:cn-hangzhou:154035569884****:secret/secret001

The ARN of the secret.

ExtendedConfig String {\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\", \"CustomData\":{} }

The extended configuration of the secret.

Note: This parameter is returned only for ApsaraDB RDS secrets, Resource Access Management (RAM) secrets, or Elastic Compute Service (ECS) secrets.

LastRotationDate String 2022-07-05T08:22:03Z

The time when the last rotation was performed.

Note: This parameter is returned if the secret has been rotated.

RequestId String 93348dfb-3627-4417-8d90-487a76a909c9

The ID of the request, which is used to locate and troubleshoot issues.

Description String userinfo

The description of the secret.

SecretName String secret001

The secret name.

AutomaticRotation String Enabled

Indicates whether automatic rotation is enabled. Valid values:

  • Enabled: indicates that automatic rotation is enabled.
  • Disabled: indicates that automatic rotation is disabled.
  • Invalid: indicates that the status of automatic rotation is abnormal. In this case, Key Management Service (KMS) cannot automatically rotate the secret.

Note: This parameter is returned only for ApsaraDB RDS secrets, RAM secrets, or ECS secrets.

SecretType String Rds

The type of the secret. Valid values:

  • Generic: generic secret
  • Rds: ApsaraDB RDS secret
  • RAMCredentials: RAM secret
  • ECS: ECS secret

PlannedDeleteTime String 2025-03-21T15:45:12Z

The time when the secret is scheduled to be deleted.

DKMSInstanceId String kst-bjj62d8f5e0sgtx8h****

The ID of the KMS instance.

Tags Array of Tag

The resource tags of the secret.

This parameter is not returned if you set FetchTags to false or you do not specify FetchTags.

Tag

TagValue String val1

The tag value.

TagKey String key1

The tag key.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeSecret
&SecretName=secret001
&FetchTags=true
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribeSecretResponse>
    <UpdateTime>2024-02-21T15:39:26Z</UpdateTime>
    <CreateTime>2024-02-21T15:39:26Z</CreateTime>
    <NextRotationDate>2024-07-06T18:22:03Z</NextRotationDate>
    <EncryptionKeyId>key-hzz63ca8cbe3hefht****</EncryptionKeyId>
    <RotationInterval>3153600s</RotationInterval>
    <Arn>acs:kms:cn-hangzhou:154035569884****:secret/secret001</Arn>
    <ExtendedConfig>{\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\",  \"CustomData\":{} }</ExtendedConfig>
    <LastRotationDate>2022-07-05T08:22:03Z</LastRotationDate>
    <RequestId>93348dfb-3627-4417-8d90-487a76a909c9</RequestId>
    <Description>userinfo</Description>
    <SecretName>secret001</SecretName>
    <AutomaticRotation>Enabled</AutomaticRotation>
    <SecretType>Rds</SecretType>
    <PlannedDeleteTime>2025-03-21T15:45:12Z</PlannedDeleteTime>
    <DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>
    <Tags>
        <TagValue>val1</TagValue>
        <TagKey>key1</TagKey>
    </Tags>
</DescribeSecretResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "UpdateTime" : "2024-02-21T15:39:26Z",
  "CreateTime" : "2024-02-21T15:39:26Z",
  "NextRotationDate" : "2024-07-06T18:22:03Z",
  "EncryptionKeyId" : "key-hzz63ca8cbe3hefht****",
  "RotationInterval" : "3153600s",
  "Arn" : "acs:kms:cn-hangzhou:154035569884****:secret/secret001",
  "ExtendedConfig" : "{\\\"SecretSubType\\\":\\\"SingleUser\\\", \\\"DBInstanceId\\\":\\\"rm-uf667446pc955****\\\",  \\\"CustomData\\\":{} }",
  "LastRotationDate" : "2022-07-05T08:22:03Z",
  "RequestId" : "93348dfb-3627-4417-8d90-487a76a909c9",
  "Description" : "userinfo",
  "SecretName" : "secret001",
  "AutomaticRotation" : "Enabled",
  "SecretType" : "Rds",
  "PlannedDeleteTime" : "2025-03-21T15:45:12Z",
  "DKMSInstanceId" : "kst-bjj62d8f5e0sgtx8h****",
  "Tags" : [ {
    "TagValue" : "val1",
    "TagKey" : "key1"
  } ]
}
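
A rotation-hygiene check over the response fields described above, as an added example that is not part of the Alibaba Cloud documentation. The function names, the finding labels and the 90-day maximum interval are assumptions; the input is a constructed dict modelled on the sample JSON response.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample modelled on the JSON response above (masked IDs left out).
SAMPLE = {
    "SecretName": "secret001",
    "SecretType": "Rds",
    "AutomaticRotation": "Enabled",
    "RotationInterval": "3153600s",
    "NextRotationDate": "2024-07-06T18:22:03Z",
    "LastRotationDate": "2022-07-05T08:22:03Z",
    "PlannedDeleteTime": "2025-03-21T15:45:12Z",
}

def parse_time(value):
    """Parse the UTC timestamps used in the response, e.g. 2024-02-21T15:39:26Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_interval(value):
    """Parse RotationInterval in integer[unit] form; the unit is always 's'."""
    m = re.fullmatch(r"(\d+)s", value)
    if not m:
        raise ValueError(f"unexpected RotationInterval: {value!r}")
    return timedelta(seconds=int(m.group(1)))

def audit_secret(meta, now, max_interval=timedelta(days=90)):
    """Return findings for one DescribeSecret response; max_interval is an assumed policy."""
    findings = []
    state = meta.get("AutomaticRotation")  # returned only for RDS, RAM and ECS secrets
    if state == "Invalid":
        findings.append("rotation-abnormal: KMS cannot rotate this secret")
    elif state == "Disabled":
        findings.append("rotation-disabled")
    elif state == "Enabled":
        # RotationInterval and NextRotationDate are returned only when rotation is enabled.
        if "RotationInterval" in meta and parse_interval(meta["RotationInterval"]) > max_interval:
            findings.append("rotation-interval-exceeds-policy")
        if "NextRotationDate" in meta and parse_time(meta["NextRotationDate"]) < now:
            findings.append("rotation-overdue")
    elif meta.get("SecretType") != "Generic":
        # A non-generic secret without a recognised rotation state is unexpected.
        findings.append("rotation-state-unknown")
    if "PlannedDeleteTime" in meta:
        findings.append("scheduled-for-deletion: " + meta["PlannedDeleteTime"])
    return findings
```

Because DescribeSecret never returns the secret value, a check like this can run under a role that has no permission to read secret values.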

Error codes

HTTP status code | Error code | Error message | Description
400 | IllegalTimestamp | The input parameter Timestamp that is mandatory for processing this request is not supplied. | The input parameter timestamp indicates that the request is outside the processing time range.
400 | InvalidParameter | The specified parameter is not valid. | The error message returned because an invalid value is specified for the parameter.
403 | Forbidden.NoPermission | You are not authorized to perform the operation. | The error message returned because you are not authorized to perform the operation.

For a list of error codes, see Service error codes.