Queries the metadata of a secret.
This operation returns the metadata of a secret. This operation does not return the secret value.
In this example, the metadata of the secret named secret001
is queried.
Debugging
Request parameters
Parameter |
Type |
Required |
Example |
Description |
Action | String | Yes | DescribeSecret | The operation that you want to perform. Set the value to DescribeSecret. |
SecretName | String | Yes | secret001 | The name or Alibaba Cloud Resource Name (ARN) of the secret. Note When you access a secret within another Alibaba Cloud account, you must enter the ARN of the secret. The ARN is in the acs:kms:${region}:${account}:secret/${secret-name} format. |
FetchTags | String | No | true | Specifies whether to return the resource tags of the secret. Valid values:
|
For more information about common request parameters, see Common parameters.
Response parameters
Parameter |
Type |
Example |
Description |
UpdateTime | String | 2024-02-21T15:39:26Z | The time when the secret is updated. |
CreateTime | String | 2024-02-21T15:39:26Z | The time when the secret is created. |
NextRotationDate | String | 2024-07-06T18:22:03Z | The time when the next rotation is performed. Note This parameter is returned when automatic rotation is enabled. |
EncryptionKeyId | String | key-hzz63ca8cbe3hefht**** | The ID of the key that is used to encrypt the secret value. |
RotationInterval | String | 3153600s | The interval for automatic rotation. The value is in the Note This parameter is returned when automatic rotation is enabled. |
Arn | String | acs:kms:cn-hangzhou:154035569884****:secret/secret001 | The ARN of the secret. |
ExtendedConfig | String | {\"AccountName\":\"kms\",\"Database\":\"kmsdata\",\"AccountPrivilege\":\"RoleReadOnly\",\"CloneAccountName\":\"kms_clone\",\"CustomData\":{},\"InstanceId\":\"pc-bp134f7hnijoey****\",\"RegionId\":\"cn-hangzhou\",\"SecretSubType\":\"DoubleUsers\"}" | The extended configuration of the secret. Note The parameter is returned only for ApsaraDB RDS secrets, Resource Access Management (RAM) secrets, PolarDB secrets, or Elastic Compute Service (ECS) secrets. |
LastRotationDate | String | 2022-07-05T08:22:03Z | The time when the last rotation is performed. Note The parameter is returned if the secret is rotated. |
RequestId | String | 93348dfb-3627-4417-8d90-487a76a909c9 | The request ID. |
Description | String | userinfo | The description of the secret. |
SecretName | String | secret001 | The name of the secret. |
AutomaticRotation | String | Enabled | Indicates whether automatic rotation is enabled. Valid values:
Note The parameter is returned only for ApsaraDB RDS secrets, PolarDB secrets, RAM secrets, or ECS secrets. |
SecretType | String | Rds | The type of the secret. Valid values:
|
PlannedDeleteTime | String | 2025-03-21T15:45:12Z | The time when the secret is scheduled to be deleted. |
DKMSInstanceId | String | kst-bjj62d8f5e0sgtx8h**** | The ID of the KMS instance. |
Tags | Array of Tag | The resource tag of the secret. This parameter is not returned if you set FetchTags to false or you do not specify FetchTags. |
|
Tag | |||
TagValue | String | val1 | The tag value. |
TagKey | String | key1 | The tag key. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=DescribeSecret
&SecretName=secret001
&FetchTags=true
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<DescribeSecretResponse>
<UpdateTime>2024-02-21T15:39:26Z</UpdateTime>
<CreateTime>2024-02-21T15:39:26Z</CreateTime>
<NextRotationDate>2024-07-06T18:22:03Z</NextRotationDate>
<EncryptionKeyId>key-hzz63ca8cbe3hefht****</EncryptionKeyId>
<RotationInterval>3153600s</RotationInterval>
<Arn>acs:kms:cn-hangzhou:154035569884****:secret/secret001</Arn>
<ExtendedConfig>{\"SecretSubType\":\"SingleUser\", \"DBInstanceId\":\"rm-uf667446pc955****\", \"CustomData\":{} }</ExtendedConfig>
<LastRotationDate>2022-07-05T08:22:03Z</LastRotationDate>
<RequestId>93348dfb-3627-4417-8d90-487a76a909c9</RequestId>
<Description>userinfo</Description>
<SecretName>secret001</SecretName>
<AutomaticRotation>Enabled</AutomaticRotation>
<SecretType>Rds</SecretType>
<PlannedDeleteTime>2025-03-21T15:45:12Z</PlannedDeleteTime>
<DKMSInstanceId>kst-bjj62d8f5e0sgtx8h****</DKMSInstanceId>
<Tags>
<TagValue>val1</TagValue>
<TagKey>key1</TagKey>
</Tags>
</DescribeSecretResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"UpdateTime" : "2024-02-21T15:39:26Z",
"CreateTime" : "2024-02-21T15:39:26Z",
"NextRotationDate" : "2024-07-06T18:22:03Z",
"EncryptionKeyId" : "key-hzz63ca8cbe3hefht****",
"RotationInterval" : "3153600s",
"Arn" : "acs:kms:cn-hangzhou:154035569884****:secret/secret001",
"ExtendedConfig" : "{\\\"SecretSubType\\\":\\\"SingleUser\\\", \\\"DBInstanceId\\\":\\\"rm-uf667446pc955****\\\", \\\"CustomData\\\":{} }",
"LastRotationDate" : "2022-07-05T08:22:03Z",
"RequestId" : "93348dfb-3627-4417-8d90-487a76a909c9",
"Description" : "userinfo",
"SecretName" : "secret001",
"AutomaticRotation" : "Enabled",
"SecretType" : "Rds",
"PlannedDeleteTime" : "2025-03-21T15:45:12Z",
"DKMSInstanceId" : "kst-bjj62d8f5e0sgtx8h****",
"Tags" : [ {
"TagValue" : "val1",
"TagKey" : "key1"
} ]
}
Error codes
HTTP status code |
Error code |
Error message |
Description |
400 | IllegalTimestamp | The input parameter Timestamp that is mandatory for processing this request is not supplied. | The input parameter timestamp indicates that the request is outside the processing time range. |
400 | InvalidParameter | The specified parameter is not valid. | An invalid value is specified for the parameter. |
403 | Forbidden.NoPermission | You are not authorized to perform the operation. | You are not authorized to perform the operation. |
For a list of error codes, see Service error codes.