ALIYUN::KMS::Secret is used to create a secret and store the initial version of the secret.
Syntax
{
  "Type": "ALIYUN::KMS::Secret",
  "Properties": {
    "VersionId": String,
    "SecretName": String,
    "Description": String,
    "SecretDataType": String,
    "SecretData": String,
    "VersionStages": List,
    "EncryptionKeyId": String,
    "RecoveryWindowInDays": Integer,
    "ForceDeleteWithoutRecovery": Boolean,
    "SecretType": String,
    "EnableAutomaticRotation": Boolean,
    "RotationInterval": String,
    "ExtendedConfig": Map,
    "DKMSInstanceId": String
  }
}
Properties
Property | Type | Required | Editable | Description | Constraint |
VersionId | String | Yes | Yes | The initial version number of the secret. | Version numbers are unique in each secret. |
SecretName | String | Yes | No | The name of the secret. | None. |
Description | String | No | Yes | The description of the secret. | None. |
SecretDataType | String | No | No | The type of the secret value. | Valid values: |
SecretData | String | Yes | Yes | The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores the encrypted value in the initial version. | None. |
VersionStages | List | No | Yes | The stage labels that mark the secret version. | Default value: ACSCurrent. You can specify up to seven labels. |
EncryptionKeyId | String | No | No | The ID of the customer master key (CMK) that is used to encrypt the secret value. | If you leave this property empty, Secrets Manager uses a CMK that is created by Key Management Service (KMS) to encrypt and protect the secret value. Note: The CMK must be a symmetric key. |
RecoveryWindowInDays | Integer | No | Yes | The recovery period of the secret when the secret is deleted in a non-forceful manner. | Default value: 30. Unit: day. |
ForceDeleteWithoutRecovery | Boolean | No | Yes | Specifies whether to forcefully delete the secret. A forcefully deleted secret cannot be recovered. | Valid values: |
SecretType | String | No | No | The type of the secret. | Valid values: |
EnableAutomaticRotation | Boolean | No | No | Specifies whether to enable automatic key rotation. | Valid values: |
RotationInterval | String | No | No | The interval of automatic key rotation. | Specify the interval in the Note This property is returned if automatic key rotation is enabled. |
ExtendedConfig | Map | No | No | The extended configuration of the secret. | None. |
DKMSInstanceId | String | No | No | The ID of the dedicated KMS instance. | None. |
Return values
Fn::GetAtt
SecretName: the name of the secret.
Arn: the Alibaba Cloud Resource Name (ARN) of the secret.
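Example: pre-deployment check of a template
The following Python script is an added example, not part of the original reference or of ROS itself. It checks every ALIYUN::KMS::Secret resource in a JSON template against the properties table above: required properties, a literal SecretData value, ForceDeleteWithoutRecovery, and a missing EncryptionKeyId. The function names, the sample template, and the use of a NoEcho parameter referenced through Ref to supply SecretData are assumptions of the example.

```python
import json

# Required properties, per the "Required" column of the properties table.
REQUIRED = ("VersionId", "SecretName", "SecretData")

def lint_secret(name, props, params):
    """Return findings for one ALIYUN::KMS::Secret resource."""
    out = [f"{name}: missing required property {k}" for k in REQUIRED if k not in props]
    data = props.get("SecretData")
    if isinstance(data, str):
        # A literal value ends up wherever the template file is stored.
        out.append(f"{name}: SecretData is a literal in the template")
    elif isinstance(data, dict) and "Ref" in data:
        # Assumption: the value comes from a ROS parameter, which should set NoEcho.
        param = params.get(data["Ref"], {})
        if str(param.get("NoEcho", "")).lower() != "true":
            out.append(f"{name}: parameter {data['Ref']} does not set NoEcho")
    if props.get("ForceDeleteWithoutRecovery") is True:
        out.append(f"{name}: ForceDeleteWithoutRecovery is true, deletion is unrecoverable")
    if "EncryptionKeyId" not in props:
        out.append(f"{name}: no EncryptionKeyId, the KMS-created CMK is used")
    return out

def lint_template(text):
    doc = json.loads(text)
    params = doc.get("Parameters", {})
    findings = []
    for name, res in doc.get("Resources", {}).items():
        if res.get("Type") == "ALIYUN::KMS::Secret":
            findings += lint_secret(name, res.get("Properties", {}), params)
    return findings

# Constructed sample template; all names and values are placeholders.
SAMPLE = """
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {"DbPassword": {"Type": "String", "NoEcho": true}},
  "Resources": {
    "GoodSecret": {"Type": "ALIYUN::KMS::Secret", "Properties": {
      "VersionId": "v1", "SecretName": "app-db",
      "SecretData": {"Ref": "DbPassword"}, "EncryptionKeyId": "KEY-ID-PLACEHOLDER"}},
    "BadSecret": {"Type": "ALIYUN::KMS::Secret", "Properties": {
      "SecretName": "app-api", "SecretData": "constructed-literal",
      "ForceDeleteWithoutRecovery": true}}
  }
}
"""

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)))
```

The missing EncryptionKeyId finding is informational: the template still deploys, with the secret value protected by the CMK that KMS creates.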