Immediately rotates a secret.
Limits:
• A secret of each Alibaba Cloud account can be rotated for up to 50 times per hour.
• The RotateSecret operation does not support generic secrets.
Call the operation only for secret types that support automatic rotation. To rotate a generic secret, call the PutSecretValue operation.
In the following example, a secret named RdsSecret/Mysql5.4/MyCred
is manually rotated. The new version of the secret is 000000123
.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
Action | String | Yes | RotateSecret | The operation that you want to perform. Set the value to RotateSecret. |
SecretName | String | Yes | RdsSecret/Mysql5.4/MyCred | The Alibaba Cloud Resource Name (ARN) of the secret or secret resource. Note When you access a secret within another Alibaba Cloud account, you must enter the ARN of the secret. The ARN is in the |
VersionId | String | Yes | 000000123 | The version number of the new secret version after rotation. Note The version number is used to ensure the idempotence of the request. Key Management Service (KMS) uses version numbers to prevent accidental duplication of versions. This happens when your application retries a request after a failure. If a version number already exists, KMS ignores the request for rotation and returns a success message. |
Response parameters
Parameter | Type | Example | Description |
VersionId | String | 000000123 | The version number of the new secret version after rotation. |
SecretName | String | RdsSecret/Mysql5.4/MyCred | The secret name. |
RequestId | String | 10257c86-269d-43aa-aaf3-90ed4144bb7c | The ID of the request, which is used to locate and troubleshoot issues. |
Arn | String | acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred | The Alibaba Cloud Resource Name (ARN) of the secret. |
For more information about common request parameters, see Common parameters.
Examples
Sample requests
http(s)://[Endpoint]/?Action=RotateSecret
&SecretName=RdsSecret/Mysql5.4/MyCred
&VersionId=000000123
&Common request parameters
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<RotateSecretResponse>
<VersionId>000000123</VersionId>
<SecretName>RdsSecret/Mysql5.4/MyCred</SecretName>
<RequestId>10257c86-269d-43aa-aaf3-90ed4144bb7c</RequestId>
<Arn>acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred</Arn>
</RotateSecretResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"VersionId" : "000000123",
"SecretName" : "RdsSecret/Mysql5.4/MyCred",
"RequestId" : "10257c86-269d-43aa-aaf3-90ed4144bb7c",
"Arn" : "acs:kms:cn-hangzhou:154035569884****:secret/RdsSecret/Mysql5.4/MyCred"
}
Error codes
HTTP status code | Error code | Error message | Description |
400 | InvalidParameter | The specified parameter is not valid. | The specified parameter is invalid. |
For a list of error codes, see Service error codes.