SecretManagerServiceClient(
transport=None,
channel=None,
credentials=None,
client_config=None,
client_info=None,
client_options=None,
)
Secret Manager Service
Manages secrets and operations using those secrets. Implements a REST model with the following objects:
Secret
SecretVersion
Methods
SecretManagerServiceClient
SecretManagerServiceClient(
transport=None,
channel=None,
credentials=None,
client_config=None,
client_info=None,
client_options=None,
)
Constructor.
Parameters | | |
---|---|---|
Name | Type | Description |
channel | grpc.Channel | DEPRECATED. A |
credentials | google.auth.credentials.Credentials | The authorization credentials to attach to requests. These credentials identify this application to the service. If none are specified, the client will attempt to ascertain the credentials from the environment. This argument is mutually exclusive with providing a transport instance to |
client_config | dict | DEPRECATED. A dictionary of call options for each method. If not specified, the default configuration is used. |
client_info | google.api_core.gapic_v1.client_info.ClientInfo | The client info used to send a user-agent string along with API requests. If |
client_options | Union[dict, google.api_core.client_options.ClientOptions] | Client options used to set user options on the client. API Endpoint should be set through client_options. |
access_secret_version
access_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Accesses a SecretVersion. This call returns the secret data.
projects/*/secrets/*/versions/latest is an alias to the latest SecretVersion.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')
response = client.access_secret_version(name)
```
Parameters | | |
---|---|---|
Name | Type | Description |
name | str | Required. The resource name of the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
add_secret_version
add_secret_version(parent, payload, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Creates a new SecretVersion containing secret data and attaches it to an existing Secret.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
parent = client.secret_path('[PROJECT]', '[SECRET]')
# TODO: Initialize `payload`:
payload = {}
response = client.add_secret_version(parent, payload)
```
Parameters | | |
---|---|---|
Name | Type | Description |
parent | str | Required. The resource name of the |
payload | Union[dict, SecretPayload] | Required. The secret payload of the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
create_secret
create_secret(parent, secret_id, secret, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Creates a new Secret containing no SecretVersions.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
parent = client.project_path('[PROJECT]')
# TODO: Initialize `secret_id`:
secret_id = ''
# TODO: Initialize `secret`:
secret = {}
response = client.create_secret(parent, secret_id, secret)
```
Parameters | | |
---|---|---|
Name | Type | Description |
parent | str | Required. The resource name of the project to associate with the |
secret_id | str | Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen ( |
secret | Union[dict, Secret] | Required. A |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
delete_secret
delete_secret(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Deletes a Secret.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
name = client.secret_path('[PROJECT]', '[SECRET]')
client.delete_secret(name)
```
Parameters | | |
---|---|---|
Name | Type | Description |
name | str | Required. The resource name of the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
destroy_secret_version
destroy_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Destroys a SecretVersion.
Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')
response = client.destroy_secret_version(name)
```
Parameters | | |
---|---|---|
Name | Type | Description |
name | str | Required. The resource name of the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
disable_secret_version
disable_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Disables a SecretVersion.
Sets the state of the SecretVersion to DISABLED.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')
response = client.disable_secret_version(name)
```
Parameters | | |
---|---|---|
Name | Type | Description |
name | str | Required. The resource name of the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
enable_secret_version
enable_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Enables a SecretVersion.
Sets the state of the SecretVersion to ENABLED.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')
response = client.enable_secret_version(name)
```
Parameters | | |
---|---|---|
Name | Type | Description |
name | str | Required. The resource name of the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
from_service_account_file
from_service_account_file(filename, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | | |
---|---|---|
Name | Type | Description |
filename | str | The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
SecretManagerServiceClient | The constructed client. |
from_service_account_json
from_service_account_json(filename, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | | |
---|---|---|
Name | Type | Description |
filename | str | The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
SecretManagerServiceClient | The constructed client. |
get_iam_policy
get_iam_policy(resource, options_=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
# TODO: Initialize `resource`:
resource = ''
response = client.get_iam_policy(resource)
```
Parameters | | |
---|---|---|
Name | Type | Description |
resource | str | REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. |
options_ | Union[dict, GetPolicyOptions] | OPTIONAL: A |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
get_secret
get_secret(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Gets metadata for a given Secret.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
name = client.secret_path('[PROJECT]', '[SECRET]')
response = client.get_secret(name)
```
Parameters | | |
---|---|---|
Name | Type | Description |
name | str | Required. The resource name of the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
get_secret_version
get_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Gets metadata for a SecretVersion.
projects/*/secrets/*/versions/latest is an alias to the latest SecretVersion.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')
response = client.get_secret_version(name)
```
Parameters | | |
---|---|---|
Name | Type | Description |
name | str | Required. The resource name of the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
list_secret_versions
list_secret_versions(parent, page_size=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Lists SecretVersions. This call does not return secret data.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
parent = client.secret_path('[PROJECT]', '[SECRET]')
# Iterate over all results
for element in client.list_secret_versions(parent):
    # process element
    pass
# Alternatively: iterate over results one page at a time
for page in client.list_secret_versions(parent).pages:
    for element in page:
        # process element
        pass
```
Parameters | | |
---|---|---|
Name | Type | Description |
parent | str | Required. The resource name of the |
page_size | int | The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page. |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
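Added example, not part of the library's documentation: a rotation helper built only from the add_secret_version, list_secret_versions and disable_secret_version calls documented above. `rotate_secret`, `InMemoryClient` and the project and secret names are constructed for illustration so the block runs offline; the numeric state values are assumed to match the API's SecretVersion.State enum.

```python
from types import SimpleNamespace

# SecretVersion.State numeric values from the Secret Manager API
# (assumption: compared as plain ints instead of importing the enum).
ENABLED, DISABLED, DESTROYED = 1, 2, 3


def rotate_secret(client, parent, new_value):
    """Add a version under `parent`, then disable the versions it replaces.

    `client` needs only add_secret_version, list_secret_versions and
    disable_secret_version. Returns (new_version_name, disabled_names), so
    callers can pin an exact version instead of the `latest` alias.
    """
    if not isinstance(new_value, bytes):
        raise TypeError("secret data must be bytes")
    # Snapshot first: only versions seen before our add are disabled, so a
    # version added concurrently by another rotation is left enabled.
    previous = [v.name for v in client.list_secret_versions(parent)
                if v.state == ENABLED]
    # If this call fails, nothing has been disabled yet.
    created = client.add_secret_version(parent, {"data": new_value})
    disabled = []
    for name in previous:
        client.disable_secret_version(name)  # reversible, unlike destroy
        disabled.append(name)
    return created.name, disabled


class InMemoryClient:
    """Constructed stand-in for SecretManagerServiceClient (offline demo)."""

    def __init__(self):
        self._versions = {}  # parent -> [SimpleNamespace(name, state)]

    def add_secret_version(self, parent, payload):
        versions = self._versions.setdefault(parent, [])
        name = "%s/versions/%d" % (parent, len(versions) + 1)
        version = SimpleNamespace(name=name, state=ENABLED)
        versions.append(version)
        return version

    def list_secret_versions(self, parent):
        return list(self._versions.get(parent, []))

    def disable_secret_version(self, name):
        parent = name.rsplit("/versions/", 1)[0]
        for version in self._versions.get(parent, []):
            if version.name == name:
                version.state = DISABLED
                return version
        raise KeyError(name)


def demo():
    client = InMemoryClient()
    parent = "projects/example-project/secrets/db-password"  # constructed
    first, _ = rotate_secret(client, parent, b"old-value")
    second, disabled = rotate_secret(client, parent, b"new-value")
    states = {v.name: v.state for v in client.list_secret_versions(parent)}
    return first, second, disabled, states


if __name__ == "__main__":
    print(demo())
```

With the real client, pass a `SecretManagerServiceClient()` instance and a `client.secret_path(...)` value as `parent`.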
list_secrets
list_secrets(parent, page_size=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Lists Secrets.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
parent = client.project_path('[PROJECT]')
# Iterate over all results
for element in client.list_secrets(parent):
    # process element
    pass
# Alternatively: iterate over results one page at a time
for page in client.list_secrets(parent).pages:
    for element in page:
        # process element
        pass
```
Parameters | | |
---|---|---|
Name | Type | Description |
parent | str | Required. The resource name of the project associated with the |
page_size | int | The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page. |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
project_path
project_path(project)
Return a fully-qualified project string.
secret_path
secret_path(project, secret)
Return a fully-qualified secret string.
secret_version_path
secret_version_path(project, secret, secret_version)
Return a fully-qualified secret_version string.
set_iam_policy
set_iam_policy(resource, policy, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Sets the access control policy on the specified secret. Replaces any existing policy.
Permissions on SecretVersions are enforced according to the policy set on the associated Secret.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
# TODO: Initialize `resource`:
resource = ''
# TODO: Initialize `policy`:
policy = {}
response = client.set_iam_policy(resource, policy)
```
Parameters | | |
---|---|---|
Name | Type | Description |
resource | str | REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. |
policy | Union[dict, Policy] | REQUIRED: The complete policy to be applied to the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
test_iam_permissions
test_iam_permissions(resource, permissions, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
# TODO: Initialize `resource`:
resource = ''
# TODO: Initialize `permissions`:
permissions = []
response = client.test_iam_permissions(resource, permissions)
```
Parameters | | |
---|---|---|
Name | Type | Description |
resource | str | REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. |
permissions | list[str] | The set of permissions to check for the |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
update_secret
update_secret(secret, update_mask, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Updates metadata of an existing Secret.
Example
```python
from google.cloud import secretmanager_v1
client = secretmanager_v1.SecretManagerServiceClient()
# TODO: Initialize `secret`:
secret = {}
# TODO: Initialize `update_mask`:
update_mask = {}
response = client.update_secret(secret, update_mask)
```
Parameters | | |
---|---|---|
Name | Type | Description |
secret | Union[dict, Secret] | Required. |
update_mask | Union[dict, FieldMask] | Required. Specifies the fields to be updated. If a dict is provided, it must be of the same form as the protobuf message FieldMask |
retry | Optional[google.api_core.retry.Retry] | A retry object used to retry requests. If |
timeout | Optional[float] | The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata | Optional[Sequence[Tuple[str, str]]] | Additional metadata that is provided to the method. |
Exceptions | |
---|---|
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |