Updating a Secret

Function

Updates the metadata of a specified secret.

Constraints

This API can only be used to modify secret metadata. It cannot modify the secret value.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.

If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
csms:secret:update	Write	secretName *	csms:Type csms:KmsKeyId g:EnterpriseProjectId g:ResourceTag/<tag-key>	-	-

URI

PUT /v1/{project_id}/secrets/{secret_name}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID
secret_name	Yes	String	Secret name

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
kms_key_id	No	String	ID of the KMS CMK used to encrypt a secret value. If the CMK of a secret is updated, only the secret versions created after the update will be encrypted using the new CMK. The secret versions earlier than the update are still decrypted using the old CMK ID.
description	No	String	Description of a secret. Constraint: It can contain up to 2,048 bytes.
auto_rotation	No	Boolean	Automatic rotation The value can be true (enabled) or false (disabled).
rotation_period	No	String	Rotation period Constraints: 6 hours - 8,760 hours (365 days) Type: Integer[unit]. Integer indicates the time length. unit indicates the time unit, which can be d (day), h (hour), m (minute), or s (second). For example, 1d indicates one day, and 24h also indicates one day. Note: This parameter is mandatory when automatic rotation is enabled.
event_subscriptions	No	Array of strings	List of events subscribed to by secrets. Currently, only one event can be subscribed to. When a basic event contained in an event is triggered, a notification message is sent to the notification topic corresponding to the event.
rotation_func_urn	No	String	URN of the FunctionGraph function

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
secret	Secret object	Secret object

**Table 5** Secret
Parameter	Type	Description
id	String	Resource identifier of a secret
name	String	Secret name
state	String	Secret status. Its value can be: ENABLED DISABLED PENDING_DELETE FROZEN
kms_key_id	String	ID of the KMS CMK used to encrypt a secret value.
description	String	Description of a secret
create_time	Long	Secret creation time. The value is a timestamp, that is, the total number of seconds on January 1, 1970 to the current time.
update_time	Long	Time when a secret was last updated. The value is a timestamp, that is, the total number of seconds on January 1, 1970 to the current time.
scheduled_delete_time	Long	Time when a secret is scheduled to be deleted. The value is a timestamp, that is, the total number of seconds on January 1, 1970 to the current time. If the secret is not in the deletion plan, the value of this parameter is null.
secret_type	String	Secret type COMMON: shared secret (default), which is used to store sensitive information in an application system. RDS: RDS secret, which is used to store RDS account information. (no longer supported, replaced by RDS-FG) RDS-FG: RDS secret, which is used to store RDS account information. GaussDB-FG: TaurusDB secret, which is used to store TaurusDB account information.
auto_rotation	Boolean	Automatic rotation The value can be true (enabled) or false (disabled). The default value is false.
rotation_period	String	Rotation period Constraints: 6 hours - 8,760 hours (365 days) Type: Integer[unit]. Integer indicates the time length. unit indicates the time unit, which can be d (day), h (hour), m (minute), or s (second). For example, 1d indicates one day, and 24h also indicates one day. Note: This parameter is mandatory when automatic rotation is enabled.
rotation_config	String	Rotation configuration Constraints: The value can contain a maximum of 1,024 characters. If secret_type is set to RDS-FG or GaussDB-FG, set this parameter to {"InstanceId":"","SecretSubType":""}. Note: This parameter is mandatory when secret_type is set to RDS-FG or GaussDB-FG. InstanceId indicates the instance ID, and SecretSubType indicates the rotation subtype. The value can be SingleUser or MultiUser. SingleUser: Single-user rotation is used. A new password is created for the account for each rotation. MultiUser: Dual-user rotation is used. The users are labeled as SYSCURRENT and SYSPREVIOUS, respectively. During secret rotation, the password of the account who is labeled as SYSPREVIOUS is reset, and a random password is generated. Then, the labels are switched for the users.
rotation_time	Long	Rotation timestamp
next_rotation_time	Long	Next rotation timestamp
event_subscriptions	Array of strings	List of events subscribed to by secrets. Currently, only one event can be subscribed to. When a basic event contained in an event is triggered, a notification message is sent to the notification topic corresponding to the event.
enterprise_project_id	String	Enterprise project ID
rotation_func_urn	String	URN of the FunctionGraph function

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 401

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 403

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 404

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 500

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 502

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 504

**Table 12** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Example Requests

Updating the secret KMS key ID to test and description to update description

{
  "kms_key_id" : "test",
  "description" : "update description",
  "event_subscriptions" : [ "pocEvent2" ]
}

Example Responses

Status code: 200

Request succeeded.

{
  "secret" : {
    "id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
    "name" : "test",
    "state" : "ENABLED",
    "kms_key_id" : "b168fe00ff56492495a7d22974df2d0b",
    "description" : "description",
    "create_time" : 1581507580000,
    "update_time" : 1581507580000,
    "scheduled_delete_time" : 1581507580000,
    "secret_type" : "RDS-FG",
    "auto_rotation" : true,
    "rotation_config" : "{'InstanceId':'indstance id','SecretSubType':'MultiUser'}",
    "rotation_period" : "1d",
    "rotation_time" : 1668567940000,
    "next_rotation_time" : 1668629140000,
    "event_subscriptions" : [ "pocEvent" ],
    "rotation_func_urn" : "urn:fss:{region}:46b6f338fc3445b8846c71dfb1fbxxxx:function:default:test2-0:latest"
  }
}

Status Codes

Status Code	Description
200	Request succeeded.
400	Invalid request parameter.
401	A username and password are required.
403	Authentication failed.
404	The requested resource does not exist or is not found.
500	Internal service error.
502	The request failed to be fulfilled because the server received an invalid response from the upstream server.
504	Gateway timed out.