Help Center/ Data Encryption Workshop/ API Reference (Ally Region)/ APIs/ Cloud Secret Management Service/ Querying a Secret Instance
Updated on 2025-12-29 GMT+08:00
View PDF
Share

Querying a Secret Instance

Function

Query a secret instance. Filter user secrets by tag, and return a secret list.

URI

POST /v1/{project_id}/csms/{resource_instances}/action

Table 1 URI parameters

Parameter

Mandatory

Type

Description

resource_instances

Yes

String

Resource instance. The value is resource_instances.

project_id

Yes

String

Project ID

Request Parameter

Table 2 Request header parameter

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Table 3 Request body parameter

Parameter

Mandatory

Type

Description

limit

No

String

Number of records in a query. If action is set to count, do not set this parameter. If action is set to filter, the default value of this parameter is 10. The value ranges from 1 to 1,000.

offset

No

String

If action is set to count, do not specify this parameter.

action

No

String

Operation type. Possible values are as follows:

  • filter: Filter records.
  • count: Count all the records.

tags

No

Array of Tag objects

Tag list, which is the value pairs of key and value.

  • key: Tag key. A secret can contain up to 20 keys. This value cannot be left blank or repeated. The value of a key must be unique and contain up to 36 characters. Each pair contains one key and one value.
  • value: Tag value. There can be multiple values and each value can contain up to 43 characters.

matches

No

Array of TagItem objects

Search field.

  • key is an exact match field. Currently, its value can only be resource_name.
  • value is a fuzzy match field. It can contain a maximum of 255 characters. If this parameter is not specified, an empty value will be returned.

sequence

No

String

A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff.
Table 4 Tag

Parameter

Mandatory

Type

Description

key

No

String

Key. The value can contain up to 36 Unicode characters. This parameter cannot be left empty or contain non-printable characters, including ASCII(0-31), *, <, >, \, and =.

values

No

Array of strings

Tag value set
Table 5 TagItem

Parameter

Mandatory

Type

Description

key

No

String

Key. The value can contain up to 36 Unicode characters. This parameter cannot be left empty or contain non-printable characters, including ASCII(0-31), *, <, >, \, and =.

value

No

String

Value. Each value can contain up to 43 Unicode characters and can be an empty string. It cannot contain non-printable characters, including ASCII(0-31), *, <, >, \, and =.

Response Parameters

Status code: 200

Table 6 Response body parameters

Parameter

Type

Description

resources

Array of ActionResources objects

Resource instance list

total_count

Integer

Total number of resources.
Table 7 ActionResources

Parameter

Type

Description

resource_id

String

Resource ID

resource_detail

Secret object

Secret

resource_name

String

Resource name. This parameter is an empty string by default.

tags

Array of TagItem objects

Tag list. If there is no tag in the list, an empty array is returned.

sys_tags

Array of TagItem objects

Tag list. If there is no tag in the list, an empty array is returned.
Table 8 Secret

Parameter

Type

Description

id

String

Secret ID

name

String

Secret name

state

String

Secret status. Possible values are as follows:

ENABLED

DISABLED

PENDING_DELETE

FROZEN

kms_key_id

String

ID of the KMS CMK used to encrypt secret values

description

String

Description of a secret

create_time

Long

Secret creation time. The value is a timestamp which indicates how many seconds it has been since January 1, 1970.

update_time

Long

Time when a secret was last updated. The value is a timestamp which indicates how many seconds it has been since January 1, 1970

scheduled_delete_time

Long

Time when a secret will be deleted as scheduled. The value is a timestamp which indicates how many seconds it has been since January 1, 1970

If a secret is not in Pending deletion state, the value of this parameter is null.
Table 9 TagItem

Parameter

Type

Description

key

String

Key. The value can contain up to 36 Unicode characters. This parameter cannot be left empty or contain non-printable characters, including ASCII(0-31), *, <, >, \, and =.

value

String

Value. Each value can contain up to 43 Unicode characters and can be an empty string. It cannot contain non-printable characters, including ASCII(0-31), *, <, >, \, and =.

Status code: 400

Table 10 Response body parameter

Parameter

Type

Description

error

ErrorDetail object

-
Table 11 ErrorDetail

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error information

Status code: 401

Table 12 Response body parameter

Parameter

Type

Description

error

ErrorDetail object

-
Table 13 ErrorDetail

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error information

Status code: 403

Table 14 Response body parameter

Parameter

Type

Description

error

ErrorDetail object

-
Table 15 ErrorDetail

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error information

Status code: 404

Table 16 Response body parameter

Parameter

Type

Description

error

ErrorDetail object

-
Table 17 ErrorDetail

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error information

Status code: 500

Table 18 Response body parameter

Parameter

Type

Description

error

ErrorDetail object

-
Table 19 ErrorDetail

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error information

Status code: 502

Table 20 Response body parameter

Parameter

Type

Description

error

ErrorDetail object

-
Table 21 ErrorDetail

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error information

Status code: 504

Table 22 Response body parameter

Parameter

Type

Description

error

ErrorDetail object

-
Table 23 ErrorDetail

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error information

Example Request

Filter user secrets based on the tag whose key is key1 and value is val1, and return the secret list.

{
  "action" : "filter",
  "tags" : [ {
    "key" : "key1",
    "values" : [ "val1" ]
  } ]
}

Example Response

Status code: 200

Request succeeded.

{
  "total_count" : 1,
  "resources" : [ {
    "resource_id" : "2d1152f2-290d-4756-a1d2-e12c14992416"
  }, {
    "resource_detail" : {
      "id" : "2d1152f2-290d-4756-a1d2-e12c14992416",
      "name" : "example_name",
      "state" : "ENABLED",
      "description" : "",
      "kms_key_id" : "1213d410-ass1-1254-1a2d-3cca2sa2w554",
      "create_time" : 1581507580000,
      "update_time" : 1581507580000,
      "scheduled_delete_time" : 1581507580000
    }
  }, {
    "tags" : [ {
      "key" : "key1",
      "value" : "value1"
    }, {
      "key" : "key2",
      "value" : "value2"
    } ]
  }, {
    "sys_tags" : null
  }, {
    "resource_name" : "example_name"
  } ]
}

Status Code

Status Code

Description

200

Request succeeded.

400

Invalid request parameters.

401

Username and password are required for the requested page.

403

Authentication failed.

404

The requested resource does not exist.

500

Internal service error.

502

Failed to complete the request. The server receives an invalid response from the upstream server.

504

Gateway timed out.

Error Code

For details, see Error Codes.