Class SecretManagerServiceClient (1.0.2) 

SecretManagerServiceClient(
    transport=None,
    channel=None,
    credentials=None,
    client_config=None,
    client_info=None,
    client_options=None,
)

Secret Manager Service

Manages secrets and operations using those secrets. Implements a REST model with the following objects:

  • Secret
  • SecretVersion

Methods

SecretManagerServiceClient

SecretManagerServiceClient(
    transport=None,
    channel=None,
    credentials=None,
    client_config=None,
    client_info=None,
    client_options=None,
)

Constructor.

Parameters
NameDescription
channel grpc.Channel

DEPRECATED. A Channel instance through which to make calls. This argument is mutually exclusive with credentials; providing both will raise an exception.

credentials google.auth.credentials.Credentials

The authorization credentials to attach to requests. These credentials identify this application to the service. If none are specified, the client will attempt to ascertain the credentials from the environment. This argument is mutually exclusive with providing a transport instance to transport; doing so will raise an exception.

client_config dict

DEPRECATED. A dictionary of call options for each method. If not specified, the default configuration is used.

client_info google.api_core.gapic_v1.client_info.ClientInfo

The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you're developing your own client library.

client_options Union[dict, google.api_core.client_options.ClientOptions]

Client options used to set user options on the client. API Endpoint should be set through client_options.

access_secret_version

access_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Accesses a SecretVersion. This call returns the secret data.

projects/*/secrets/*/versions/latest is an alias to the latest SecretVersion.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')

response = client.access_secret_version(name)

Parameters
NameDescription
name str

Required. The resource name of the SecretVersion in the format projects//secrets//versions/*.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

add_secret_version

add_secret_version(parent, payload, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Creates a new SecretVersion containing secret data and attaches it to an existing Secret.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

parent = client.secret_path('[PROJECT]', '[SECRET]')

TODO: Initialize payload:

payload = {}

response = client.add_secret_version(parent, payload)

Parameters
NameDescription
parent str

Required. The resource name of the Secret to associate with the SecretVersion in the format projects//secrets/.

payload Union[dict, SecretPayload]

Required. The secret payload of the SecretVersion. If a dict is provided, it must be of the same form as the protobuf message SecretPayload

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

create_secret

create_secret(parent, secret_id, secret, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Creates a new Secret containing no SecretVersions.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

parent = client.project_path('[PROJECT]')

TODO: Initialize secret_id:

secret_id = ''

TODO: Initialize secret:

secret = {}

response = client.create_secret(parent, secret_id, secret)

Parameters
NameDescription
parent str

Required. The resource name of the project to associate with the Secret, in the format projects/*.

secret_id str

Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore (_) characters.

secret Union[dict, Secret]

Required. A Secret with initial field values. If a dict is provided, it must be of the same form as the protobuf message Secret

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

delete_secret

delete_secret(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Deletes a Secret.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

name = client.secret_path('[PROJECT]', '[SECRET]')

client.delete_secret(name)

Parameters
NameDescription
name str

Required. The resource name of the Secret to delete in the format projects//secrets/.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

destroy_secret_version

destroy_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Destroys a SecretVersion.

Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')

response = client.destroy_secret_version(name)

Parameters
NameDescription
name str

Required. The resource name of the SecretVersion to destroy in the format projects//secrets//versions/*.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

disable_secret_version

disable_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Disables a SecretVersion.

Sets the state of the SecretVersion to DISABLED.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')

response = client.disable_secret_version(name)

Parameters
NameDescription
name str

Required. The resource name of the SecretVersion to disable in the format projects//secrets//versions/*.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

enable_secret_version

enable_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Enables a SecretVersion.

Sets the state of the SecretVersion to ENABLED.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')

response = client.enable_secret_version(name)

Parameters
NameDescription
name str

Required. The resource name of the SecretVersion to enable in the format projects//secrets//versions/*.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

from_service_account_file

from_service_account_file(filename, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
SecretManagerServiceClientThe constructed client.

from_service_account_json

from_service_account_json(filename, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
SecretManagerServiceClientThe constructed client.

get_iam_policy

get_iam_policy(resource, options_=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

TODO: Initialize resource:

resource = ''

response = client.get_iam_policy(resource)

Parameters
NameDescription
resource str

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

options_ Union[dict, GetPolicyOptions]

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM. If a dict is provided, it must be of the same form as the protobuf message GetPolicyOptions

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

get_secret

get_secret(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Gets metadata for a given Secret.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

name = client.secret_path('[PROJECT]', '[SECRET]')

response = client.get_secret(name)

Parameters
NameDescription
name str

Required. The resource name of the Secret, in the format projects//secrets/.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

get_secret_version

get_secret_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Gets metadata for a SecretVersion.

projects/*/secrets/*/versions/latest is an alias to the latest SecretVersion.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

name = client.secret_version_path('[PROJECT]', '[SECRET]', '[SECRET_VERSION]')

response = client.get_secret_version(name)

Parameters
NameDescription
name str

Required. The resource name of the SecretVersion in the format projects//secrets//versions/. projects//secrets/*/versions/latest is an alias to the latest SecretVersion.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

list_secret_versions

list_secret_versions(parent, page_size=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Lists SecretVersions. This call does not return secret data.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

parent = client.secret_path('[PROJECT]', '[SECRET]')

Iterate over all results

for element in client.list_secret_versions(parent): ... # process element ... pass

Alternatively:

Iterate over results one page at a time

for page in client.list_secret_versions(parent).pages: ... for element in page: ... # process element ... pass

Parameters
NameDescription
parent str

Required. The resource name of the Secret associated with the SecretVersions to list, in the format projects//secrets/.

page_size int

The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

list_secrets

list_secrets(parent, page_size=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Lists Secrets.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

parent = client.project_path('[PROJECT]')

Iterate over all results

for element in client.list_secrets(parent): ... # process element ... pass

Alternatively:

Iterate over results one page at a time

for page in client.list_secrets(parent).pages: ... for element in page: ... # process element ... pass

Parameters
NameDescription
parent str

Required. The resource name of the project associated with the Secrets, in the format projects/*.

page_size int

The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

project_path

project_path(project)

Return a fully-qualified project string.

secret_path

secret_path(project, secret)

Return a fully-qualified secret string.

secret_version_path

secret_version_path(project, secret, secret_version)

Return a fully-qualified secret_version string.

set_iam_policy

set_iam_policy(resource, policy, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Sets the access control policy on the specified secret. Replaces any existing policy.

Permissions on SecretVersions are enforced according to the policy set on the associated Secret.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

TODO: Initialize resource:

resource = ''

TODO: Initialize policy:

policy = {}

response = client.set_iam_policy(resource, policy)

Parameters
NameDescription
resource str

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

policy Union[dict, Policy]

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. If a dict is provided, it must be of the same form as the protobuf message Policy

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

test_iam_permissions

test_iam_permissions(resource, permissions, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

TODO: Initialize resource:

resource = ''

TODO: Initialize permissions:

permissions = []

response = client.test_iam_permissions(resource, permissions)

Parameters
NameDescription
resource str

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

permissions list[str]

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview https://cloud.google.com/iam/docs/overview#permissions__.

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.

update_secret

update_secret(secret, update_mask, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)

Updates metadata of an existing Secret.

.. rubric:: Example

from google.cloud import secretmanager_v1

client = secretmanager_v1.SecretManagerServiceClient()

TODO: Initialize secret:

secret = {}

TODO: Initialize update_mask:

update_mask = {}

response = client.update_secret(secret, update_mask)

Parameters
NameDescription
secret Union[dict, Secret]

Required. Secret with updated field values. If a dict is provided, it must be of the same form as the protobuf message Secret

update_mask Union[dict, FieldMask]

Required. Specifies the fields to be updated. If a dict is provided, it must be of the same form as the protobuf message FieldMask

retry Optional[google.api_core.retry.Retry]

A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

timeout Optional[float]

The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

metadata Optional[Sequence[Tuple[str, str]]]

Additional metadata that is provided to the method.

Exceptions
TypeDescription
google.api_core.exceptions.GoogleAPICallErrorIf the request failed for any reason.
google.api_core.exceptions.RetryErrorIf the request failed due to a retryable error and retry attempts failed.
ValueErrorIf the parameters are invalid.