Creating a Secret
Function
You can create a secret and store its value in the initial version of the secret.
Secret values are encrypted and stored in secret versions. A version can have multiple statuses. Versions without any statuses are regarded as deprecated versions and can be automatically deleted by CSMS.
The initial version is marked by the SYSCURRENT status tag.
Constraints
You can specify a symmetric CMK to encrypt secrets. If the kms_key_id parameter is not specified, the default master key csms/default will be used to encrypt the secrets created under your account in a project. If the CMK you specified does not exist under your account, it will be automatically created.
You need the kms:dek:create permission of the specified CMK to encrypt secret values.
Debugging
You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.
URI
POST /v1/{project_id}/secrets
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API that is used for obtaining a user token. The value of X-Subject-Token in the response header is the user token. |
Parameter | Mandatory | Type | Description |
---|---|---|---|
name | Yes | String | Secret name. Constraint: The value can contain 1 to 64 characters and must match the regular expression: ^[a-zA-Z0-9._-]{1,64}$ |
kms_key_id | No | String | ID of the KMS CMK used to encrypt secret values. If this parameter is not specified, the default master key csms/default will be used to encrypt the secret values created under your account in the project. If the CMK you specified does not exist under your account, it will be automatically created. |
description | No | String | Description of a secret. Constraint: It can contain up to 2048 bytes. |
secret_binary | No | String | Plaintext of a binary secret encoded using Base64. CSMS encrypts the plaintext and stores it in the initial version of the secret. Type: Base64-encoded binary data object. Constraint: Either secret_binary or secret_string must be configured. The maximum size is 32 KB. |
secret_string | No | String | Plaintext of a text secret. CSMS encrypts the plaintext and stores it in the initial version of the secret. Constraint: Either secret_binary or secret_string must be configured. The maximum size is 32 KB. |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
secret | Secret object | Secret object. |
Parameter | Type | Description |
---|---|---|
id | String | Resource identifier of a secret. |
name | String | Secret name. |
state | String | Secret status. Its value can be: |
kms_key_id | String | ID of the KMS CMK used to encrypt a secret value. |
description | String | Description of a secret. |
create_time | Long | Secret creation time. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970). |
update_time | Long | Time when a secret was last updated. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970). |
scheduled_delete_time | Long | Time when a secret is scheduled to be deleted. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970). If the secret is not in the deletion plan, the value of this parameter is null. |
Status code: 400
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 401
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 403
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 404
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 500
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 502
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Status code: 504
Parameter | Type | Description |
---|---|---|
error_code | String | Error code |
error_msg | String | Error message |
Example Requests
{ "name" : "demo", "kms_key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f", "secret_string" : "this is a demo secret string" }
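The request-body constraints listed under Request Parameters can be enforced client-side before the plaintext leaves the process, and the token and secret value can be masked before a request is logged. The following is an added example, not part of the original documentation or the service's SDK; the function names, the exactly-one-value rule, the reading of 32 KB as 32768 raw plaintext bytes, and the Content-Type header are assumptions.

```python
import base64
import json
import re
from urllib.parse import quote

NAME_RE = re.compile(r"^[a-zA-Z0-9._-]{1,64}$")  # constraint from the name row
MAX_SECRET_BYTES = 32 * 1024      # assumption: "32 KB" = 32768 bytes of raw plaintext
MAX_DESCRIPTION_BYTES = 2048      # constraint from the description row


def build_create_secret_request(project_id, token, name, *, secret_string=None,
                                secret_binary=None, kms_key_id=None, description=None):
    """Validate the documented constraints; return (method, path, headers, body)."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name must match ^[a-zA-Z0-9._-]{1,64}$")
    # Assumption: exactly one of the two value fields is sent.
    if (secret_string is None) == (secret_binary is None):
        raise ValueError("set exactly one of secret_string or secret_binary")
    body = {"name": name}
    if secret_string is not None:
        raw = secret_string.encode("utf-8")
        body["secret_string"] = secret_string
    else:
        raw = bytes(secret_binary)
        body["secret_binary"] = base64.b64encode(raw).decode("ascii")
    if len(raw) > MAX_SECRET_BYTES:
        raise ValueError("secret value exceeds 32 KB")
    if description is not None:
        if len(description.encode("utf-8")) > MAX_DESCRIPTION_BYTES:
            raise ValueError("description exceeds 2048 bytes")
        body["description"] = description
    if kms_key_id is not None:    # omitted: the service uses csms/default
        body["kms_key_id"] = kms_key_id
    # Content-Type is an assumption (JSON body); X-Auth-Token is from the page.
    headers = {"X-Auth-Token": token, "Content-Type": "application/json"}
    path = f"/v1/{quote(project_id, safe='')}/secrets"  # no path injection via project_id
    return "POST", path, headers, json.dumps(body)


def redact_for_log(headers, body_json):
    """Return a log-safe JSON string with the token and secret plaintext masked."""
    body = json.loads(body_json)
    for field in ("secret_string", "secret_binary"):
        if field in body:
            body[field] = "***"
    safe_headers = {k: ("***" if k == "X-Auth-Token" else v)
                    for k, v in headers.items()}
    return json.dumps({"headers": safe_headers, "body": body}, sort_keys=True)
```

Send the returned body over TLS to the service endpoint for your region, and write only the output of `redact_for_log` to application logs.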
Example Responses
Status code: 200
Request succeeded.
{ "secret" : { "id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e", "name" : "test", "state" : "ENABLED", "kms_key_id" : "b168fe00ff56492495a7d22974df2d0b", "description" : "description", "create_time" : 1581507580000, "update_time" : 1581507580000, "scheduled_delete_time" : 1581507580000 } }
Status Codes
Status Code | Description |
---|---|
200 | Request succeeded. |
400 | Invalid request parameters. |
401 | You must enter a username and password to access the requested page. |
403 | Authentication failed. |
404 | The requested resource does not exist or is not found. |
500 | Internal service error. |
502 | Failed to complete the request. The server received an invalid response. |
504 | Gateway timeout. |
Error Codes
See Error Codes.