Rotating a Secret

Function

This API is used to rotate a secret immediately. Create a version for the specified secret to encrypt and store the generated random secret values. The created secret version is marked as SYSCURRENT.

Constraints

The RotateSecret API does not support rotation for shared secrets.

The account has the following permissions:

Changing the RDS database password

Querying key information

Querying the key list

Creating a DEK

Decrypting a DEK

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.

If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
csms:secret:rotate	Write	secretName *	csms:Type g:EnterpriseProjectId g:ResourceTag/<tag-key>	-	rds:password:update kms:cmk:createGrant kms:cmk:retireGrant

URI

POST /v1/{project_id}/secrets/{secret_name}/rotate

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID. For details, see Obtaining a Project ID. Constraints N/A Range The value returned by the IAM API is used, which contains 32 characters. Default Value N/A
secret_name	Yes	String	Definition Secret name. Constraints N/A Range The value must match the regular expression ^[a-zA-Z0-9_-]{1,64}$. Default Value N/A

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token. It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token. This parameter is optional if AK/SK authentication is used. Constraints N/A Range Obtain the value by calling the IAM API for obtaining the user token. Default Value N/A

Response Parameters

Status code: 200

**Table 3** Response body parameters
Parameter	Type	Description
version_id	String	Definition Secret version ID Range N/A
secret_name	String	Definition Secret name Range N/A
rotation_task_id	String	Definition ID of the secret rotation task Range N/A

Example Requests

None

Example Responses

Status code: 200

Request succeeded.

{
  "rotation_task_id" : "a71a4b47-6cac-4f11-92c1-21a165bb6401"
}

Status Codes

Status Code	Description
200	Request succeeded.

Error Codes

See Error Codes.

Parent Topic: Lifecycle Management

Previous topic: Canceling a Scheduled Secret Deletion Task

Next topic: Secret Version Management

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot