alicloud_accountalicloud_action_trailalicloud_cas_certificatealicloud_cms_monitor_hostalicloud_cs_kubernetes_clusteralicloud_cs_kubernetes_cluster_nodealicloud_ecs_auto_provisioning_groupalicloud_ecs_autoscaling_groupalicloud_ecs_diskalicloud_ecs_disk_metric_read_iopsalicloud_ecs_disk_metric_read_iops_dailyalicloud_ecs_disk_metric_read_iops_hourlyalicloud_ecs_disk_metric_write_iopsalicloud_ecs_disk_metric_write_iops_dailyalicloud_ecs_disk_metric_write_iops_hourlyalicloud_ecs_imagealicloud_ecs_instancealicloud_ecs_instance_metric_cpu_utilization_dailyalicloud_ecs_instance_metric_cpu_utilization_hourlyalicloud_ecs_key_pairalicloud_ecs_launch_templatealicloud_ecs_network_interfacealicloud_ecs_regionalicloud_ecs_security_groupalicloud_ecs_snapshotalicloud_ecs_zonealicloud_kms_keyalicloud_kms_secretalicloud_oss_bucketalicloud_ram_access_keyalicloud_ram_credential_reportalicloud_ram_groupalicloud_ram_password_policyalicloud_ram_policyalicloud_ram_rolealicloud_ram_security_preferencealicloud_ram_useralicloud_rds_backupalicloud_rds_databasealicloud_rds_instancealicloud_rds_instance_metric_connectionsalicloud_rds_instance_metric_connections_dailyalicloud_rds_instance_metric_cpu_utilizationalicloud_rds_instance_metric_cpu_utilization_dailyalicloud_rds_instance_metric_cpu_utilization_hourlyalicloud_security_center_field_statisticsalicloud_security_center_versionalicloud_slb_load_balanceralicloud_vpcalicloud_vpc_dhcp_options_setalicloud_vpc_eipalicloud_vpc_flow_logalicloud_vpc_nat_gatewayalicloud_vpc_network_aclalicloud_vpc_route_entryalicloud_vpc_route_tablealicloud_vpc_ssl_vpn_client_certalicloud_vpc_ssl_vpn_serveralicloud_vpc_vpn_connectionalicloud_vpc_vpn_customer_gatewayalicloud_vpc_vpn_gatewayalicloud_vpc_vswitch
Table: alicloud_kms_secret
Secret enables to manage secrets in a centralized manner throughout their lifecycle (creation, retrieval, updating, and deletion).
Examples
Basic info
select name, description, arn, secret_type, create_timefrom alicloud_kms_secret;
List secrets that do not have automatic rotation enabled
select name, secret_type automatic_rotationfrom alicloud_kms_secretwhere automatic_rotation <> 'Enabled';
List secrets that have not been rotated within the last 30 days
select name, secret_type, automatic_rotationfrom alicloud_kms_secretwhere last_rotation_date < (current_date - interval '30' day);
Get the extended configuration info for each secret
select name, extended_config -> 'CustomData' ->> 'DBName' as db_name, extended_config ->> 'DBInstanceId' as db_instance_id, extended_config ->> 'SecretSubType' as secret_sub_typefrom alicloud_kms_secret;
List secrets without application tag key
select name, tagsfrom alicloud_kms_secretwhere not tags :: JSONB ? 'application';
Query examples
.inspect alicloud_kms_secret
Alicloud KMS Secret
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | The Alicloud Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | The Alibaba Cloud Resource Name (ARN). |
automatic_rotation | text | Specifies whether automatic key rotation is enabled. |
create_time | timestamp with time zone | The time when the KMS Secret was created. |
description | text | The description of the secret. |
encryption_key_id | text | The ID of the KMS customer master key (CMK) that is used to encrypt the secret value. |
extended_config | jsonb | The extended configuration of Secret. |
last_rotation_date | timestamp with time zone | Date of last rotation of Secret. |
name | text | The name of the secret. |
next_rotation_date | timestamp with time zone | The date of next rotation of Secret. |
planned_delete_time | timestamp with time zone | The time when the KMS Secret is planned to delete. |
region | text | The Alicloud region in which the resource is located. |
rotation_interval | text | The rotation perion of Secret. |
secret_type | text | The type of the secret. |
tags | jsonb | A map of tags for the resource. |
tags_src | jsonb | A list of tags attached with the resource. |
title | text | Title of the resource. |
update_time | timestamp with time zone | The time when the KMS Secret was modifies. |
version_ids | jsonb | The list of secret versions. |