Updating a Secret

Function

Updates the metadata of a specified secret.

Constraints

This API can only be used to modify secret metadata. It cannot modify the secret value.

Calling Method

For details, see Calling APIs.

URI

PUT /v1/{project_id}/secrets/{secret_name}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID
secret_name	Yes	String	Secret name

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
kms_key_id	No	String	ID of the KMS CMK used to encrypt a secret value. If the CMK of a secret is updated, only the secret versions created after the update will be encrypted using the new CMK. The secret versions earlier than the update are still decrypted using the old CMK ID.
description	No	String	Description of a secret. Constraint: It can contain up to 2,048 bytes.
auto_rotation	No	Boolean	Automatic rotation The value can be true (enabled) or false (disabled).
rotation_period	No	String	Rotation period Constraints: 6 hours - 8,760 hours (365 days) Type: Integer[unit]. Integer indicates the time length. unit indicates the time unit, which can be d (day), h (hour), m (minute), or s (second). For example, 1d indicates one day, and 24h also indicates one day. Note: This parameter is mandatory when automatic rotation is enabled.
event_subscriptions	No	Array of strings	List of events subscribed to by secrets. Currently, only one event can be subscribed to. When a basic event contained in an event is triggered, a notification message is sent to the notification topic corresponding to the event.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
secret	Secret object	Secret object

**Table 5** Secret
Parameter	Type	Description
id	String	Resource identifier of a secret
name	String	Secret name
state	String	Secret status. Its value can be: ENABLED DISABLED PENDING_DELETE FROZEN
kms_key_id	String	ID of the KMS CMK used to encrypt a secret value.
description	String	Description of a secret
create_time	Long	Secret creation time. The value is a timestamp, that is, the total number of seconds on January 1, 1970 to the current time.
update_time	Long	Time when a secret was last updated. The value is a timestamp, that is, the total number of seconds on January 1, 1970 to the current time.
scheduled_delete_time	Long	Time when a secret is scheduled to be deleted. The value is a timestamp, that is, the total number of seconds on January 1, 1970 to the current time. If the secret is not in the deletion plan, the value of this parameter is null.
secret_type	String	Secret type The options are as follows: COMMON: common secret (default) stores sensitive information in the application system. RDS: RDS secrets. RDS secrets are used to store RDS account information.
auto_rotation	Boolean	Automatic rotation The value can be true (enabled) or false (disabled). The default value is false.
rotation_period	String	Rotation period Constraints: 6 hours - 8,760 hours (365 days) Type: Integer[unit]. Integer indicates the time length. unit indicates the time unit, which can be d (day), h (hour), m (minute), or s (second). For example, 1d indicates one day, and 24h also indicates one day. Note: This parameter is mandatory when automatic rotation is enabled.
rotation_config	String	Rotation configuration Constraints: The value contains a maximum of 1,024 characters. If secret_type is set to RDS, set this parameter to {"RDSInstanceId":"","SecretSubType":""}. Note: This parameter is mandatory when secret_type is set to RDS. RDSInstanceId indicates the RDS DB instance ID. SecretSubType indicates the rotation subtype. The value can be SingleUser or MultiUser. SingleUser: The single-user mode is used. The password of a specified account is reset each time the account is rotated. MultiUser: The dual-user mode is used. SYSCURRENT and SYSPREVIOUS reference one of the accounts. During secret rotation, the account password referenced by SYSPREVIOUS is reset to a new random password. Subsequently, secrets exchange SYSCURRENT and SYSPREVIOUS references to the RDS account.
rotation_time	Long	Rotation timestamp
next_rotation_time	Long	Next rotation timestamp
event_subscriptions	Array of strings	List of events subscribed to by secrets. Currently, only one event can be subscribed to. When a basic event contained in an event is triggered, a notification message is sent to the notification topic corresponding to the event.
enterprise_project_id	String	Enterprise project ID

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 401

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 403

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 404

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 500

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 502

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Status code: 504

**Table 12** Response body parameters
Parameter	Type	Description
error_code	String	Error codes
error_msg	String	Error description

Example Requests

Updating the secret KMS key ID to test and description to update description

{
  "kms_key_id" : "test",
  "description" : "update description",
  "event_subscriptions" : [ "pocEvent2" ]
}

Example Responses

Status code: 200

Request succeeded.

{
  "secret" : {
    "id" : "bb6a3d22-dc93-47ac-b5bd-88df7ad35f1e",
    "name" : "test",
    "state" : "ENABLED",
    "kms_key_id" : "b168fe00ff56492495a7d22974df2d0b",
    "description" : "description",
    "create_time" : 1581507580000,
    "update_time" : 1581507580000,
    "scheduled_delete_time" : 1581507580000,
    "secret_type" : "RDS",
    "auto_rotation" : true,
    "rotation_config" : "{'RDSInstanceId':'indstance id','SecretSubType':'MultiUser'}",
    "rotation_period" : "1d",
    "rotation_time" : 1668567940000,
    "next_rotation_time" : 1668629140000,
    "event_subscriptions" : [ "pocEvent" ]
  }
}

SDK Sample Code

The SDK sample code is as follows.

Updating the secret KMS key ID to test and description to update description

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.csms.v1.region.CsmsRegion;
import com.huaweicloud.sdk.csms.v1.*;
import com.huaweicloud.sdk.csms.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class UpdateSecretSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        CsmsClient client = CsmsClient.newBuilder()
                .withCredential(auth)
                .withRegion(CsmsRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateSecretRequest request = new UpdateSecretRequest();
        UpdateSecretRequestBody body = new UpdateSecretRequestBody();
        List<String> listbodyEventSubscriptions = new ArrayList<>();
        listbodyEventSubscriptions.add("pocEvent2");
        body.withEventSubscriptions(listbodyEventSubscriptions);
        body.withDescription("update description");
        body.withKmsKeyId("test");
        request.withBody(body);
        try {
            UpdateSecretResponse response = client.updateSecret(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

Updating the secret KMS key ID to test and description to update description

      
       
         
         
           # coding: utf-8

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcsms.v1.region.csms_region import CsmsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcsms.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = __import__('os').getenv("CLOUD_SDK_AK")
    sk = __import__('os').getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk) \

    client = CsmsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CsmsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateSecretRequest()
        listEventSubscriptionsbody = [
            "pocEvent2"
        ]
        request.body = UpdateSecretRequestBody(
            event_subscriptions=listEventSubscriptionsbody,
            description="update description",
            kms_key_id="test"
        )
        response = client.update_secret(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

Updating the secret KMS key ID to test and description to update description

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    csms "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/csms/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/csms/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/csms/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := csms.NewCsmsClient(
        csms.CsmsClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateSecretRequest{}
	var listEventSubscriptionsbody = []string{
        "pocEvent2",
    }
	descriptionUpdateSecretRequestBody:= "update description"
	kmsKeyIdUpdateSecretRequestBody:= "test"
	request.Body = &model.UpdateSecretRequestBody{
		EventSubscriptions: &listEventSubscriptionsbody,
		Description: &descriptionUpdateSecretRequestBody,
		KmsKeyId: &kmsKeyIdUpdateSecretRequestBody,
	}
	response, err := client.UpdateSecret(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	Request succeeded.
400	Invalid request parameter.
401	A username and password are required.
403	Authentication failed.
404	The requested resource does not exist or is not found.
500	Internal service error.
502	The request failed to be fulfilled because the server received an invalid response from the upstream server.
504	Gateway timed out.