turbot/alicloud

GitHub
steampipe plugin install alicloudsteampipe plugin install alicloud
alicloud_accountalicloud_action_trailalicloud_cas_certificatealicloud_cms_monitor_hostalicloud_cs_kubernetes_clusteralicloud_cs_kubernetes_cluster_nodealicloud_ecs_auto_provisioning_groupalicloud_ecs_autoscaling_groupalicloud_ecs_diskalicloud_ecs_disk_metric_read_iopsalicloud_ecs_disk_metric_read_iops_dailyalicloud_ecs_disk_metric_read_iops_hourlyalicloud_ecs_disk_metric_write_iopsalicloud_ecs_disk_metric_write_iops_dailyalicloud_ecs_disk_metric_write_iops_hourlyalicloud_ecs_imagealicloud_ecs_instancealicloud_ecs_instance_metric_cpu_utilization_dailyalicloud_ecs_instance_metric_cpu_utilization_hourlyalicloud_ecs_key_pairalicloud_ecs_launch_templatealicloud_ecs_network_interfacealicloud_ecs_regionalicloud_ecs_security_groupalicloud_ecs_snapshotalicloud_ecs_zonealicloud_kms_keyalicloud_kms_secretalicloud_oss_bucketalicloud_ram_access_keyalicloud_ram_credential_reportalicloud_ram_groupalicloud_ram_password_policyalicloud_ram_policyalicloud_ram_rolealicloud_ram_security_preferencealicloud_ram_useralicloud_rds_backupalicloud_rds_databasealicloud_rds_instancealicloud_rds_instance_metric_connectionsalicloud_rds_instance_metric_connections_dailyalicloud_rds_instance_metric_cpu_utilizationalicloud_rds_instance_metric_cpu_utilization_dailyalicloud_rds_instance_metric_cpu_utilization_hourlyalicloud_security_center_field_statisticsalicloud_security_center_versionalicloud_slb_load_balanceralicloud_vpcalicloud_vpc_dhcp_options_setalicloud_vpc_eipalicloud_vpc_flow_logalicloud_vpc_nat_gatewayalicloud_vpc_network_aclalicloud_vpc_route_entryalicloud_vpc_route_tablealicloud_vpc_ssl_vpn_client_certalicloud_vpc_ssl_vpn_serveralicloud_vpc_vpn_connectionalicloud_vpc_vpn_customer_gatewayalicloud_vpc_vpn_gatewayalicloud_vpc_vswitch

Table: alicloud_kms_secret

Secret enables to manage secrets in a centralized manner throughout their lifecycle (creation, retrieval, updating, and deletion).

Examples

Basic info

select
name,
description,
arn,
secret_type,
create_time
from
alicloud_kms_secret;

List secrets that do not have automatic rotation enabled

select
name,
secret_type automatic_rotation
from
alicloud_kms_secret
where
automatic_rotation <> 'Enabled';

List secrets that have not been rotated within the last 30 days

select
name,
secret_type,
automatic_rotation
from
alicloud_kms_secret
where
last_rotation_date < (current_date - interval '30' day);

Get the extended configuration info for each secret

select
name,
extended_config -> 'CustomData' ->> 'DBName' as db_name,
extended_config ->> 'DBInstanceId' as db_instance_id,
extended_config ->> 'SecretSubType' as secret_sub_type
from
alicloud_kms_secret;

List secrets without application tag key

select
name,
tags
from
alicloud_kms_secret
where
not tags :: JSONB ? 'application';

Query examples

.inspect alicloud_kms_secret

Alicloud KMS Secret

NameTypeDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
account_idtextThe Alicloud Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Alibaba Cloud Resource Name (ARN).
automatic_rotationtextSpecifies whether automatic key rotation is enabled.
create_timetimestamp with time zoneThe time when the KMS Secret was created.
descriptiontextThe description of the secret.
encryption_key_idtextThe ID of the KMS customer master key (CMK) that is used to encrypt the secret value.
extended_configjsonbThe extended configuration of Secret.
last_rotation_datetimestamp with time zoneDate of last rotation of Secret.
nametextThe name of the secret.
next_rotation_datetimestamp with time zoneThe date of next rotation of Secret.
planned_delete_timetimestamp with time zoneThe time when the KMS Secret is planned to delete.
regiontextThe Alicloud region in which the resource is located.
rotation_intervaltextThe rotation perion of Secret.
secret_typetextThe type of the secret.
tagsjsonbA map of tags for the resource.
tags_srcjsonbA list of tags attached with the resource.
titletextTitle of the resource.
update_timetimestamp with time zoneThe time when the KMS Secret was modifies.
version_idsjsonbThe list of secret versions.