ALIYUN::KMS::Secret - Resource Orchestration Service

ALIYUN::KMS::Secret is used to create a secret and store the initial version of the secret.

Syntax

{
  "Type": "ALIYUN::KMS::Secret",
  "Properties": {
    "VersionId": String,
    "SecretName": String,
    "Description": String,
    "SecretDataType": String,
    "SecretData": String,
    "VersionStages": List,
    "EncryptionKeyId": String,
    "RecoveryWindowInDays": Integer,
    "ForceDeleteWithoutRecovery": Boolean,
    "SecretType": String,
		"EnableAutomaticRotation": Boolean,
		"RotationInterval": String,
		"ExtendedConfig": Map,
		"DKMSInstanceId": String
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
VersionId	String	Yes	Yes	The initial version number of the secret.	Version numbers are unique in each secret.
SecretName	String	Yes	No	The name of the secret.	None.
Description	String	No	Yes	The description of the secret.	None.
SecretDataType	String	No	No	The type of the secret value.	Valid values: text binary
SecretData	String	Yes	Yes	The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores the encrypted value in the initial version.	None.
VersionStages	List	No	Yes	The stage labels that mark the secret version.	Default value: ACSCurrent. You can specify up to seven labels.
EncryptionKeyId	String	No	No	The ID of the customer master key (CMK) that is used to encrypt the secret value.	If you leave this property empty, Secrets Manager uses a CMK that is created by Key Management Service (KMS) to encrypt and protect the secret value. Note The CMK must be a symmetric key.
RecoveryWindowInDays	Integer	No	Yes	The recovery period of the secret when the secret is deleted in a non-forceful manner.	Default value: 30. Unit: day.
ForceDeleteWithoutRecovery	Boolean	No	Yes	Specifies whether to forcefully delete the secret. A forcefully deleted secret cannot be recovered.	Valid values: true false (default)
SecretType	String	No	No	The type of the secret.	Valid values: Generic: generic secret Rds: managed ApsaraDB RDS secret RAMCredentials: managed Resource Access Management (RAM) secret ECS: managed ECS secret
EnableAutomaticRotation	Boolean	No	No	Specifies whether to enable automatic key rotation.	Valid values: true false (default)
RotationInterval	String	No	No	The interval of automatic key rotation.	Specify the interval in the `integer[unit]` format. `integer` specifies the length of time. `unit` specifies the unit of time. Set `unit` to s. For example, if automatic rotation is performed at an interval of seven days, set RotationInterval to 604800s. Note This property is returned if automatic key rotation is enabled.
ExtendedConfig	Map	No	No	The extended configuration of the secret.	None.
DKMSInstanceId	String	No	No	The ID of the dedicated KMS instance.	None.

Return values

Fn::GetAtt

SecretName: the name of the secret.
Arn: the Alibaba Cloud Resource Name (ARN) of the secret.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters: {}
Resources:
  Secret:
    Type: ALIYUN::KMS::Secret
    Properties:
      VersionId: v1
      SecretName: TestSecret
      SecretData: DemoSecretData
      ForceDeleteWithoutRecovery: false
Outputs: {}

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
  },
  "Resources": {
    "Secret": {
      "Type": "ALIYUN::KMS::Secret",
      "Properties": {
        "VersionId": "v1",
        "SecretName": "TestSecret",
        "SecretData": "DemoSecretData",
        "ForceDeleteWithoutRecovery": false
      }
    }
  },
  "Outputs": {
  }
}