forked from aliyun/ros-templates
-
Notifications
You must be signed in to change notification settings - Fork 1
/
secret.yml
95 lines (95 loc) · 2.58 KB
/
secret.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
ROSTemplateFormatVersion: '2015-09-01'
Description: KMS Secret resource example
Parameters:
VersionId:
Type: String
Description: |-
The version number of the initial version. Version numbers are unique in each secret
object.
SecretName:
Type: String
Description: The name of the secret.
SecretData:
Type: String
Description: |-
The value of the secret that you want to create. Secrets Manager encrypts the secret
value and stores it in the initial version.
Description:
Type: String
Description: The description of the secret.
Default: null
SecretDataType:
Type: String
Description: |-
The type of the secret value. Valid values:
text (default value)
binary
Default: null
AllowedValues:
- text
- binary
VersionStages:
Type: Json
Description: The stage labels that mark the secret version. ACSCurrent will be
marked as DefaultIf you do not specify it, Secrets Manager marks it with "ACSCurrent".
Default: null
MinLength: 1
MaxLength: 7
EncryptionKeyId:
Type: String
Description: |-
The ID of the KMS CMK that is used to encrypt the secret value.
If you do not specify this parameter, Secrets Manager automatically creates an encryption
key to encrypt the secret.
Note The KMS CMK must be a symmetric key.
Default: null
RecoveryWindowInDays:
Type: Number
Description: 'Specifies the recovery period of the secret if you do not forcibly
delete it. Default value: 30'
Default: 30
ForceDeleteWithoutRecovery:
Type: Boolean
Description: |-
Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values:
true
false (default value)
Default: false
AllowedValues:
- true
- false
Resources:
Secret:
Type: ALIYUN::KMS::Secret
Properties:
VersionId:
Ref: VersionId
SecretName:
Ref: SecretName
Description:
Ref: Description
SecretDataType:
Ref: SecretDataType
SecretData:
Ref: SecretData
VersionStages:
Ref: VersionStages
EncryptionKeyId:
Ref: EncryptionKeyId
RecoveryWindowInDays:
Ref: RecoveryWindowInDays
ForceDeleteWithoutRecovery:
Ref: ForceDeleteWithoutRecovery
Outputs:
SecretName:
Description: The name of the secret.
Value:
Fn::GetAtt:
- Secret
- SecretName
Arn:
Description: The Alibaba Cloud Resource Name (ARN).
Value:
Fn::GetAtt:
- Secret
- Arn