Secret Manager API C++ Client Library

An idiomatic C++ client library for the Secret Manager API, a service that stores sensitive data such as API keys, passwords, and certificates.

While this library is GA, please note that the Google Cloud C++ client libraries do not follow Semantic Versioning.

Quickstart

The following code, which you'll run in the google/cloud/secretmanager/quickstart/ directory, should give you a taste of the Secret Manager API C++ client library.

#include "google/cloud/secretmanager/v1/secret_manager_client.h"
#include <iostream>
#include <string>
#include <utility>

int main(int argc, char* argv[]) try {
  if (argc != 2) {
    std::cerr << "Usage: " << argv[0] << " project-id\n";
    return 1;
  }

  namespace secretmanager = ::google::cloud::secretmanager_v1;
  auto client = secretmanager::SecretManagerServiceClient(
      secretmanager::MakeSecretManagerServiceConnection());

  auto const parent = std::string("projects/") + argv[1];
  for (auto secret : client.ListSecrets(parent)) {
    if (!secret) throw std::move(secret).status();
    std::cout << secret->DebugString() << "\n";
  }

  return 0;
} catch (google::cloud::Status const& status) {
  std::cerr << "google::cloud::Status thrown: " << status << "\n";
  return 1;
}

Main classes

The main class in this library is secretmanager_v1::SecretManagerServiceClient. All RPCs are exposed as member functions of this class. Other classes provide helpers, retry policies, configuration parameters, and infrastructure to mock secretmanager_v1::SecretManagerServiceClient when testing your application.

Override the default endpoint

In some cases, you may need to override the default endpoint used by the client library. Use the google::cloud::EndpointOption when initializing the client library to change this default.

For example, this will override the default endpoint for secretmanager_v1::SecretManagerServiceClient:

  // This configuration is common with Private Google Access:
  //     https://cloud.google.com/vpc/docs/private-google-access
  auto options = google::cloud::Options{}.set<google::cloud::EndpointOption>(
      "private.googleapis.com");
  auto client = google::cloud::secretmanager_v1::SecretManagerServiceClient(
      google::cloud::secretmanager_v1::MakeSecretManagerServiceConnection(
          options));

Override the authentication configuration

Some applications cannot use the default authentication mechanism (known as Application Default Credentials). You can override this default using google::cloud::UnifiedCredentialsOption. The following example shows how to explicitly load a service account key file.

  [](std::string const& keyfile) {
    auto is = std::ifstream(keyfile);
    is.exceptions(std::ios::badbit);  // Minimal error handling in examples
    auto contents = std::string(std::istreambuf_iterator<char>(is.rdbuf()), {});
    auto options =
        google::cloud::Options{}.set<google::cloud::UnifiedCredentialsOption>(
            google::cloud::MakeServiceAccountCredentials(contents));
    return google::cloud::secretmanager_v1::SecretManagerServiceClient(
        google::cloud::secretmanager_v1::MakeSecretManagerServiceConnection(
            options));
  }

Keep in mind that we chose this as an example because it is relatively easy to understand. Consult the Best practices for managing service account keys guide for more details.
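
A stricter way to read the key file before passing its contents to google::cloud::MakeServiceAccountCredentials, shown as an added example that is not code from the library or its documentation. ReadKeyFileStrict is a hypothetical helper; it assumes a POSIX system and an owner-only (0600 or stricter) policy for key files.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <iostream>
#include <optional>
#include <string>
// Hypothetical helper, not part of google-cloud-cpp: returns the key file's
// contents only if it is a regular file, owned by the calling user, with no
// group/other permission bits. On refusal returns nullopt and sets `reason`.
std::optional<std::string> ReadKeyFileStrict(std::string const& path,
                                             std::string& reason) {
  // O_NOFOLLOW rejects a symlink as the final path component; O_NONBLOCK
  // keeps open() from hanging if the path is a FIFO.
  int const fd =
      ::open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
  if (fd < 0) {
    reason = "cannot open (missing, unreadable, or a symlink)";
    return std::nullopt;
  }
  // fstat() on the open descriptor describes the file that will actually be
  // read, so the path cannot be swapped between the check and the read.
  struct stat st {};
  reason.clear();
  if (::fstat(fd, &st) != 0) {
    reason = "fstat failed";
  } else if (!S_ISREG(st.st_mode)) {
    reason = "not a regular file";
  } else if (st.st_uid != ::geteuid()) {
    reason = "not owned by the calling user";
  } else if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
    reason = "group/other permission bits set (expected 0600 or stricter)";
  }
  std::string contents;
  char buf[4096];
  ssize_t n = 0;
  while (reason.empty() && (n = ::read(fd, buf, sizeof(buf))) > 0) {
    contents.append(buf, static_cast<std::size_t>(n));
  }
  if (n < 0) reason = "read failed";
  ::close(fd);
  if (!reason.empty()) return std::nullopt;
  return contents;
}
int main(int argc, char* argv[]) {
  std::string reason;
  auto key = ReadKeyFileStrict(argc > 1 ? argv[1] : "", reason);
  std::cout << (key ? "key file accepted\n" : "refused: " + reason + "\n");
  return key ? 0 : 1;
}
```

When the helper returns a value, that string can be used in place of `contents` in the lambda above.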

See Also

Authentication Components - for more information on the factory functions to create google::cloud::Credentials objects.

Retry, Backoff, and Idempotency Policies.

The library automatically retries requests that fail with transient errors, and uses exponential backoff to back off between retries. Application developers can override the default policies.
