Updated on 2025-10-16 GMT+08:00

Importing Secrets in Batches

Function

This API is used to import secrets in batches.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, no identity policy-based permission required for calling this API.

URI

POST /v1/{project_id}/secrets/batch-import

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

secrets

Yes

Array of CreateSecretRequestBody objects

Parameter for creating secrets in batches.

Table 4 CreateSecretRequestBody

Parameter

Mandatory

Type

Description

name

Yes

String

Name of the secret to be created

Constraint: The value can contain 1 to 64 characters and must match the regular expression ^[a-zA-Z0-9._-]{1,64}$.

kms_key_id

No

String

ID of the KMS master key used to encrypt the protection secret value. If you do not specify this parameter, the secret management service uses the default master key named csms/default by default to encrypt the secret value created by your account. If the KMS you specified does not exist under your account, it will be automatically created.

description

No

String

Description of a secret.

Constraint: It can contain up to 2,048 bytes.

secret_binary

No

String

Plaintext of a binary secret encoded using Base64. CSMS encrypts the plaintext and stores it in the initial version of the secret.

Type: Base64-encoded binary data object

Constraints: Either secret_binary or secret_string must be configured. The maximum size is 32 KB.

secret_string

No

String

Plaintext of a text secret. CSMS encrypts the plaintext and stores it in the initial version of the secret.

Constraint: Either secret_binary or secret_string must be configured. The maximum size is 32 KB.

secret_type

No

String

Secret type

  • COMMON: shared secret (default), which is used to store sensitive information in an application system.

  • RDS: RDS secret, which is used to store RDS account information. (no longer supported, replaced by RDS-FG)

  • RDS-FG: RDS secret, which is used to store RDS account information.

  • GaussDB-FG: TaurusDB secret, which is used to store TaurusDB account information.

auto_rotation

No

Boolean

Automatic rotation

The value can be true (enabled) or false (disabled). The default value is false.

rotation_period

No

String

Rotation period

Constraints: 6 hours - 8,760 hours (365 days)

Type: Integer[unit]. Integer indicates the time length. unit indicates the time unit, which can be d (day), h (hour), m (minute), or s (second). For example, 1d indicates one day, and 24h also indicates one day.

Note: This parameter is mandatory when automatic rotation is enabled.

rotation_config

No

String

Rotation configuration

Constraints: The value can contain a maximum of 1,024 characters.

This parameter is mandatory when secret_type is RDS-FG or GaussDB-FG. The parameter format is {"InstanceId":"","SecretSubType":""}.

Description: InstanceId indicates the instance ID, and SecretSubType indicates the rotation subtype. The value can be SingleUser or MultiUser.

SingleUser: Single-user rotation is used. A new password is created for the account for each rotation.

MultiUser: Dual-user rotation is used. The users are labeled as SYSCURRENT and SYSPREVIOUS, respectively. During secret rotation, the password of the account who is labeled as SYSPREVIOUS is reset, and a random password is generated. Then, the labels are switched for the users.

event_subscriptions

No

Array of strings

List of events subscribed to by secrets. Currently, only one event can be subscribed to. When a basic event contained in an event is triggered, a notification message is sent to the notification topic corresponding to the event.

enterprise_project_id

No

String

This parameter is provided for enterprise users. If you are an enterprise user and have created an enterprise project, select the enterprise project to be bound to the key from the drop-down list. The default project is default.

For users who have not enabled Enterprise Management, the Enterprise Project parameter is not displayed on the page and does not need to be configured.

rotation_func_urn

No

String

URN of the FunctionGraph function

Response Parameters

Status code: 200

Table 5 Response body parameters

Parameter

Type

Description

error_list

Array of ErrorInfo objects

Failure description.

total

Integer

Total number of records.

success

Integer

Number of successful records.

failed

Integer

Number of failed records.

Table 6 ErrorInfo

Parameter

Type

Description

name

String

Name.

error_msg

String

Failure cause.

Status code: 400

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error details.

Example Requests

None

Example Responses

None

Status Codes

Status Code

Description

200

Request succeeded.

400

Request failed.

Error Codes

See Error Codes.