All Products
Search
Document Center

Key Management Service:UpdateSecretRotationPolicy

Last Updated:May 16, 2024

Updates the automatic rotation policy of a secret.

Limits: The UpdateSecretRotationPolicy operation cannot be used to update the rotation policy of standard secrets.

Note

Generic secrets do not support automatic rotation. You cannot call the operation for generic secrets.

After automatic rotation is enabled, Key Management Service (KMS) schedules the first automatic rotation by adding the preset rotation interval to the timestamp of the last rotation. If the time is earlier than the current time, the first automatic rotation starts immediately.

In this example, the rotation policy of the RdsSecret/Mysql5.4/MyCred secret is updated. The following descriptions provide details:

  • EnableAutomaticRotation is set to true, which indicates that automatic rotation is enabled.

  • RotationInterval is set to 30d, which indicates that the interval for automatic rotation is 30 days.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action

String

Yes

UpdateSecretRotationPolicy

The operation that you want to perform. Set the value to UpdateSecretRotationPolicy.

SecretName

String

Yes

RdsSecret/Mysql5.4/MyCred

The Alibaba Cloud Resource Name (ARN) of the secret or secret resource.

Note

When you access a secret within another Alibaba Cloud account, you must enter the ARN of the secret. The ARN is in the acs:kms:${region}:${account}:secret/${secret-name} format.

EnableAutomaticRotation

Boolean

Yes

true

Specifies whether to enable automatic rotation. Valid values:

  • true

  • false (default)

RotationInterval

String

No

30d

The interval for automatic rotation. Valid values: 168 hours (7 days) to 8,760 hours (365 days).

The value is in the integer[unit] format.

The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s indicate a seven-day interval.

Note

This parameter is required if you set EnableAutomaticRotation to true. This parameter is ignored if you set EnableAutomaticRotation to false or does not set EnableAutomaticRotation.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter

Type

Example

Description

SecretName

String

RdsSecret/Mysql5.4/MyCred

The secret name.

RequestId

String

2c124f6f-4210-499f-b88a-69f54004d2d8

The ID of the request, which is used to locate and troubleshoot issues.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdateSecretRotationPolicy
&SecretName=RdsSecret/Mysql5.4/MyCred
&EnableAutomaticRotation=true
&RotationInterval=30d
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateSecretRotationPolicyResponse>
    <SecretName>RdsSecret/Mysql5.4/MyCred</SecretName>
    <RequestId>2c124f6f-4210-499f-b88a-69f54004d2d8</RequestId>
</UpdateSecretRotationPolicyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "SecretName" : "RdsSecret/Mysql5.4/MyCred",
  "RequestId" : "2c124f6f-4210-499f-b88a-69f54004d2d8"
}

Error codes

For a list of error codes, see Service error codes.