UpdateSecretRotationPolicy - Key Management Service - Alibaba Cloud Documentation Center

Updates the automatic rotation policy of a secret.

Limits: The UpdateSecretRotationPolicy operation cannot be used to update the rotation policy of standard secrets.

Note

Generic secrets do not support automatic rotation. You cannot call the operation for generic secrets.

After automatic rotation is enabled, Key Management Service (KMS) schedules the first automatic rotation by adding the preset rotation interval to the timestamp of the last rotation. If the time is earlier than the current time, the first automatic rotation starts immediately.

In this example, the rotation policy of the RdsSecret/Mysql5.4/MyCred secret is updated. The following descriptions provide details:

EnableAutomaticRotation is set to true, which indicates that automatic rotation is enabled.
RotationInterval is set to 30d, which indicates that the interval for automatic rotation is 30 days.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter	Type	Required	Example	Description
Action	String	Yes	UpdateSecretRotationPolicy	The operation that you want to perform. Set the value to UpdateSecretRotationPolicy.
SecretName	String	Yes	RdsSecret/Mysql5.4/MyCred	The Alibaba Cloud Resource Name (ARN) of the secret or secret resource. Note When you access a secret within another Alibaba Cloud account, you must enter the ARN of the secret. The ARN is in the `acs:kms:${region}:${account}:secret/${secret-name}` format.
EnableAutomaticRotation	Boolean	Yes	true	Specifies whether to enable automatic rotation. Valid values: true false (default)
RotationInterval	String	No	30d	The interval for automatic rotation. Valid values: 168 hours (7 days) to 8,760 hours (365 days). The value is in the `integer[unit]` format. The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s indicate a seven-day interval. Note This parameter is required if you set EnableAutomaticRotation to true. This parameter is ignored if you set EnableAutomaticRotation to false or does not set EnableAutomaticRotation.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter	Type	Example	Description
SecretName	String	RdsSecret/Mysql5.4/MyCred	The secret name.
RequestId	String	2c124f6f-4210-499f-b88a-69f54004d2d8	The ID of the request, which is used to locate and troubleshoot issues.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdateSecretRotationPolicy
&SecretName=RdsSecret/Mysql5.4/MyCred
&EnableAutomaticRotation=true
&RotationInterval=30d
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateSecretRotationPolicyResponse>
    <SecretName>RdsSecret/Mysql5.4/MyCred</SecretName>
    <RequestId>2c124f6f-4210-499f-b88a-69f54004d2d8</RequestId>
</UpdateSecretRotationPolicyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "SecretName" : "RdsSecret/Mysql5.4/MyCred",
  "RequestId" : "2c124f6f-4210-499f-b88a-69f54004d2d8"
}

Error codes

For a list of error codes, see Service error codes.