Updated on 2026-06-09 GMT+08:00

Querying the Secret List

Function

This API is used to query all secrets created by the user in the current project.

Constraints

The information returned by this API is the metadata of the secret and does not contain the secret value.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

  • If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
  • If you are using identity policy-based authorization, the following identity policy-based permissions are required.

    | Action | Access Level | Resource Type (*: required) | Condition Key | Alias | Dependencies |
    |---|---|---|---|---|---|
    | csms:secret:list | List | secretName * | g:EnterpriseProjectId | - | - |

URI

GET /v1/{project_id}/secrets

Table 1 Path Parameters

| Parameter | Mandatory | Type | Definition | Constraints | Range | Default Value |
|---|---|---|---|---|---|---|
| project_id | Yes | String | Project ID. For details, see Obtaining a Project ID. | N/A | The value returned by the IAM API is used, which contains 32 characters. | N/A |

Table 2 Query Parameters

| Parameter | Mandatory | Type | Definition | Constraints | Range | Default Value |
|---|---|---|---|---|---|---|
| limit | No | String | Number of secrets returned on each page | By default, 50 secrets are returned on each page. A maximum of 1,000 secrets can be returned. | N/A | N/A |
| marker | No | String | Name of the last secret on each page is used as a pagination tag. If this parameter is left blank, the first page is queried. | Parameters marker and limit must be used together. If the number of records returned on the last page is less than the value of limit, the query ends. | N/A | N/A |
| event_name | No | String | Event notification name. Secrets bound to this event are returned. | N/A | The value must match the regular expression ^[a-zA-Z0-9_-]{1,64}$. | N/A |
| with_shared | No | Boolean | Whether to query secrets shared by other accounts via RAM when you obtain the secret list. You do not need to specify this parameter when calling the API. The default value is used. If you need to query secrets that can be shared in RAM, set this parameter to false. Otherwise, secrets shared by other accounts will be queried. | N/A | true or false | true |

Request Parameters

Table 3 Request header parameters

| Parameter | Mandatory | Type | Definition | Constraints | Range | Default Value |
|---|---|---|---|---|---|---|
| X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token. This parameter is optional if AK/SK authentication is used. | N/A | Obtain the value by calling the IAM API for obtaining the user token. | N/A |

Response Parameters

Status code: 200

Table 4 Response body parameters

| Parameter | Type | Definition | Range |
|---|---|---|---|
| secrets | Array of Secret objects | Secret details list | N/A |
| page_info | PageInfo object | Pagination information of the list. | N/A |

Table 5 Secret

| Parameter | Type | Definition | Range |
|---|---|---|---|
| id | String | Secret ID | N/A |
| name | String | Secret name | N/A |
| state | String | Secret status | ENABLED, DISABLED, PENDING_DELETE, FROZEN |
| kms_key_id | String | ID of the KMS CMK used to encrypt secret values | N/A |
| description | String | Secret description | N/A |
| create_time | Long | Timestamp when a secret was created, that is, total number of seconds since January 1, 1970. | N/A |
| update_time | Long | Timestamp when a secret was last updated, that is, the total number of seconds since January 1, 1970. | N/A |
| scheduled_delete_time | Long | Timestamp when a secret is to be deleted as scheduled, that is, total number of seconds since January 1, 1970. If a secret is not in the Pending deletion state, the value of this parameter is null. | N/A |
| secret_type | String | Secret type | COMMON: shared secret (default). It is used to store sensitive information in an application system. RDS: RDS secret. It is used to store RDS account information. (This value is no longer supported and is replaced by RDS-FG.) RDS-FG: RDS secret. It is used to store RDS account information. GaussDB-FG: TaurusDB secret. It is used to store TaurusDB account information. |
| auto_rotation | Boolean | Automatic rotation | true: enabled, false: disabled (default) |
| rotation_period | String | Rotation period | 4 hours to 8,760 hours (365 days) |
| rotation_config | String | Rotation configuration | The value can contain at most 1,024 characters. If secret_type is set to RDS-FG or GaussDB-FG, set this parameter to {"InstanceId":"","SecretSubType":""}. Note: This parameter is mandatory when secret_type is set to RDS-FG or GaussDB-FG. InstanceId indicates the instance ID, and SecretSubType indicates the rotation subtype. The value can be SingleUser or MultiUser. SingleUser: Single-user rotation is used. A new password is created for the account for each rotation. MultiUser: Multi-user rotation is used. The users are labeled as SYSCURRENT and SYSPREVIOUS, respectively. During secret rotation, the password of the user labeled by SYSPREVIOUS will be reset to a random one. Then, the user labels of SYSCURRENT and SYSPREVIOUS are exchanged. |
| rotation_time | Long | Rotation timestamp. | N/A |
| next_rotation_time | Long | Next rotation timestamp. | N/A |
| last_used_time | Long | Time when the secret value was last obtained. | N/A |
| event_subscriptions | Array of strings | Events to which a secret is subscribed. Currently, only one event can be subscribed to. When a basic event is triggered, a message is sent to the topic corresponding to the event. | N/A |
| enterprise_project_id | String | Enterprise project ID. | N/A |
| rotation_func_urn | String | URN of the FunctionGraph function | N/A |
| domain_id | String | ID of the tenant to which the secret belongs. | N/A |
| replica_type | String | Multi-region secret type | STANDALONE: There is no multi-region replica for the current secret. PRIMARY: There are multi-region replicas for the current secret. This secret is the primary one. REPLICA: There are multi-region replicas for the current secret. This secret is the replica one. |
| replicas | Array of Replica objects | Replica secret information. | N/A |

Table 6 Replica

| Parameter | Type | Definition | Range |
|---|---|---|---|
| id | String | Secret ID | N/A |
| kms_key_id | String | ID of the KMS key used to encrypt secret values | N/A |
| project_id | String | ID of the project to which the secret belongs | N/A |
| region | String | Name of the region to which the secret belongs | N/A |
| replica_type | String | Multi-region secret type | PRIMARY: primary secret. REPLICA: replica secret. |
| status | String | Replica secret synchronization status | IN_PROGRESS: The replica secret is to be synchronized. IN_SYNC: The replica secret is synchronized with the primary secret. FAILED: The replica secret fails to be synchronized with the primary secret. |
| created_at | Long | Creation timestamp. | N/A |
| updated_at | Long | Update timestamp. | N/A |

Table 7 PageInfo

| Parameter | Type | Definition | Range |
|---|---|---|---|
| next_marker | String | Query address of the next page (secret name at the end of the current page and the start of the next page) | N/A |
| previous_marker | String | Secret name at the start of the current page and the end of the last page | N/A |
| current_count | Integer | Number of records returned on this page | N/A |

Example Requests

None

Example Responses

Status code: 200

Request succeeded.

{
  "secrets" : [ {
    "id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
    "name" : "secret-name-test",
    "state" : "ENABLED",
    "kms_key_id" : "b168fe00ff56492495a7d22974df2d0b",
    "description" : "description",
    "create_time" : 1581507580000,
    "update_time" : 1581507580000,
    "scheduled_delete_time" : 1581507580000,
    "secret_type" : "RDS-FG",
    "auto_rotation" : true,
    "rotation_config" : "{'InstanceId':'instance id','SecretSubType':'MultiUser'}",
    "rotation_period" : "1d",
    "rotation_time" : 1668567940000,
    "next_rotation_time" : 1668629140000,
    "event_subscriptions" : [ "pocEvent" ],
    "domain_id" : "b168feasdf56492495a7d22974df2xax",
    "replica_type" : "PRIMARY"
  } ],
  "page_info" : {
    "next_marker" : "secret-name-test",
    "previous_marker" : "secret-name-test",
    "current_count" : 1
  }
}
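
An added example (not from the original page or the service's SDK): walking the whole list with limit and marker, then checking the returned metadata for rotation and replica problems. The endpoint host, the `get_page` transport hook, and the two audit checks are assumptions chosen for illustration.

```python
import json
import re
import urllib.parse
import urllib.request

EVENT_NAME = re.compile(r"[a-zA-Z0-9_-]{1,64}")  # Table 2 pattern, used with fullmatch

def list_url(endpoint, project_id, limit=50, marker=None, event_name=None):
    """Build the GET /v1/{project_id}/secrets URL for one page."""
    if not 1 <= limit <= 1000:
        raise ValueError("limit must be between 1 and 1000")
    if event_name is not None and not EVENT_NAME.fullmatch(event_name):
        raise ValueError("event_name violates the documented pattern")
    query = {"limit": str(limit), "marker": marker, "event_name": event_name}
    query = {k: v for k, v in query.items() if v}  # drop unset parameters
    path = "/v1/%s/secrets" % urllib.parse.quote(project_id, safe="")
    return endpoint.rstrip("/") + path + "?" + urllib.parse.urlencode(query)

def http_get(url, token):
    """Real transport: the token travels in the X-Auth-Token header (Table 3)."""
    req = urllib.request.Request(url, headers={"X-Auth-Token": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def iter_secrets(get_page, endpoint, project_id, limit=50):
    """Yield every Secret object, following page_info.next_marker."""
    marker, seen = None, set()
    while True:
        page = get_page(list_url(endpoint, project_id, limit, marker))
        yield from page.get("secrets", [])
        info = page.get("page_info", {})
        marker = info.get("next_marker")
        # A short page ends the query; `seen` stops a repeated marker from looping.
        if info.get("current_count", 0) < limit or not marker or marker in seen:
            return
        seen.add(marker)

def audit(secrets):
    """Return (name, finding) pairs using metadata only (illustrative checks)."""
    findings = []
    for s in secrets:
        if s.get("state") == "ENABLED" and not s.get("auto_rotation", False):
            findings.append((s["name"], "auto_rotation disabled"))
        for r in s.get("replicas") or []:
            if r.get("status") == "FAILED":
                findings.append((s["name"], "replica sync FAILED in " + r.get("region", "?")))
    return findings
```

To call the service, pass `lambda url: http_get(url, token)` as `get_page`. The example response on this page carries 13-digit timestamps, so check the unit before comparing them with the current time.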

Status Codes

| Status Code | Description |
|---|---|
| 200 | Request succeeded. |

Error Codes

See Error Codes.