[Yandex Cloud documentation](../../../../index.md) > [Yandex Lockbox](../../../index.md) > API reference > [gRPC](../index.md) > [Secret](index.md) > List

# Lockbox API, gRPC: SecretService.List

Retrieves the list of secrets in the specified folder.

## gRPC request

**rpc List ([ListSecretsRequest](#yandex.cloud.lockbox.v1.ListSecretsRequest)) returns ([ListSecretsResponse](#yandex.cloud.lockbox.v1.ListSecretsResponse))**

## ListSecretsRequest {#yandex.cloud.lockbox.v1.ListSecretsRequest}

```json
{
  "folder_id": "string",
  "page_size": "int64",
  "page_token": "string"
}
```

#|
||Field | Description ||
|| folder_id | **string**

Required field. ID of the folder to list secrets in.

The maximum string length in characters is 50. ||
|| page_size | **int64**

The maximum number of results per page to return. If the number of available
results is larger than `page_size`, the service returns a [ListSecretsRequest.next_page_token]
that can be used to get the next page of results in subsequent list requests.
Default value: 100.

The maximum value is 1000. ||
|| page_token | **string**

Page token. To get the next page of results, set `page_token` to the
[ListSecretsRequest.next_page_token] returned by a previous list request.

The maximum string length in characters is 100. ||
|#

## ListSecretsResponse {#yandex.cloud.lockbox.v1.ListSecretsResponse}

```json
{
  "secrets": [
    {
      // Includes only one of the fields `password_payload_specification`
      "password_payload_specification": {
        "password_key": "string",
        "length": "int64",
        "include_uppercase": "google.protobuf.BoolValue",
        "include_lowercase": "google.protobuf.BoolValue",
        "include_digits": "google.protobuf.BoolValue",
        "include_punctuation": "google.protobuf.BoolValue",
        "included_punctuation": "string",
        "excluded_punctuation": "string"
      },
      // end of the list of possible fields
      "id": "string",
      "folder_id": "string",
      "created_at": "google.protobuf.Timestamp",
      "name": "string",
      "description": "string",
      "labels": "map<string, string>",
      "kms_key_id": "string",
      "status": "Status",
      "current_version": {
        // Includes only one of the fields `password_payload_specification`
        "password_payload_specification": {
          "password_key": "string",
          "length": "int64",
          "include_uppercase": "google.protobuf.BoolValue",
          "include_lowercase": "google.protobuf.BoolValue",
          "include_digits": "google.protobuf.BoolValue",
          "include_punctuation": "google.protobuf.BoolValue",
          "included_punctuation": "string",
          "excluded_punctuation": "string"
        },
        // end of the list of possible fields
        "id": "string",
        "secret_id": "string",
        "created_at": "google.protobuf.Timestamp",
        "destroy_at": "google.protobuf.Timestamp",
        "description": "string",
        "status": "Status",
        "payload_entry_keys": [
          "string"
        ]
      },
      "deletion_protection": "bool"
    }
  ],
  "next_page_token": "string"
}
```

#|
||Field | Description ||
|| secrets[] | **[Secret](#yandex.cloud.lockbox.v1.Secret)**

List of secrets in the specified folder. ||
|| next_page_token | **string**

This token allows you to get the next page of results for list requests. If the number
of results is greater than the specified [ListSecretsRequest.page_size](#yandex.cloud.lockbox.v1.ListSecretsRequest), use
the `next_page_token` as the value for the [ListSecretsRequest.page_token](#yandex.cloud.lockbox.v1.ListSecretsRequest) query parameter
in the next list request. Each subsequent list request will have its own
`next_page_token` to continue paging through the results. ||
|#

## Secret {#yandex.cloud.lockbox.v1.Secret}

A secret that may contain several versions of the payload.

#|
||Field | Description ||
|| password_payload_specification | **[PasswordPayloadSpecification](#yandex.cloud.lockbox.v1.PasswordPayloadSpecification)**

Includes only one of the fields `password_payload_specification`. ||
|| id | **string**

ID of the secret. ||
|| folder_id | **string**

ID of the folder that the secret belongs to. ||
|| created_at | **[google.protobuf.Timestamp](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#timestamp)**

Creation timestamp. ||
|| name | **string**

Name of the secret. ||
|| description | **string**

Description of the secret. ||
|| labels | **object** (map<**string**, **string**>)

Custom labels for the secret as `key:value` pairs. Maximum 64 per key. ||
|| kms_key_id | **string**

Optional ID of the KMS key will be used to encrypt and decrypt the secret. ||
|| status | enum **Status**

Status of the secret.

- `CREATING`: The secret is being created.
- `ACTIVE`: The secret is active and the secret payload can be accessed.
Can be set to INACTIVE using the [SecretService.Deactivate](deactivate.md#Deactivate) method.
- `INACTIVE`: The secret is inactive and unusable.
Can be set to ACTIVE using the [SecretService.Deactivate](deactivate.md#Deactivate) method. ||
|| current_version | **[Version](#yandex.cloud.lockbox.v1.Version)**

Current (i.e. the `latest`) version of the secret. ||
|| deletion_protection | **bool**

Flag that inhibits deletion of the secret. ||
|#

## PasswordPayloadSpecification {#yandex.cloud.lockbox.v1.PasswordPayloadSpecification}

#|
||Field | Description ||
|| password_key | **string**

Required field. key of the entry to store generated password value

Value must match the regular expression ` [-_./\\@0-9a-zA-Z]+ `. ||
|| length | **int64**

password length; by default, a reasonable length will be decided

The maximum value is 256. ||
|| include_uppercase | **[google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value)**

whether at least one A..Z character is included in the password, true by default ||
|| include_lowercase | **[google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value)**

whether at least one a..z character is included in the password, true by default ||
|| include_digits | **[google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value)**

whether at least one 0..9 character is included in the password, true by default ||
|| include_punctuation | **[google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value)**

whether at least one punctuation character is included in the password, true by default
punctuation characters by default (there are 32): !"#$%&'()*+,-./:;&lt;=&gt;?@[\]^_`{\|}~
to customize the punctuation characters, see included_punctuation and excluded_punctuation below ||
|| included_punctuation | **string**

If include_punctuation is true, one of these two fields (not both) may be used optionally to customize the punctuation:
a string of specific punctuation characters to use (at most, all the 32) ||
|| excluded_punctuation | **string**

a string of punctuation characters to exclude from the default (at most 31, it's not allowed to exclude all the 32) ||
|#

## Version {#yandex.cloud.lockbox.v1.Version}

#|
||Field | Description ||
|| password_payload_specification | **[PasswordPayloadSpecification](#yandex.cloud.lockbox.v1.PasswordPayloadSpecification)**

Includes only one of the fields `password_payload_specification`. ||
|| id | **string**

ID of the version. ||
|| secret_id | **string**

ID of the secret that the version belongs to. ||
|| created_at | **[google.protobuf.Timestamp](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#timestamp)**

Time when the version was created. ||
|| destroy_at | **[google.protobuf.Timestamp](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#timestamp)**

Time when the version is going to be destroyed. Empty unless the status
is `SCHEDULED_FOR_DESTRUCTION`. ||
|| description | **string**

Description of the version. ||
|| status | enum **Status**

Status of the secret.

- `ACTIVE`: The version is active and the secret payload can be accessed.
- `SCHEDULED_FOR_DESTRUCTION`: The version is scheduled for destruction, the time when it will be destroyed
is specified in the `Version.destroy_at` field.
- `DESTROYED`: The version is destroyed and cannot be recovered. ||
|| payload_entry_keys[] | **string**

Keys of the entries contained in the version payload. ||
|#