Class SecretManagerServiceClient (2.10.0)

SecretManagerServiceClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.secretmanager_v1.services.secret_manager_service.transports.base.SecretManagerServiceTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

Secret Manager Service

Manages secrets and operations using those secrets. Implements a REST model with the following objects:

  • Secret
  • SecretVersion

Properties

transport

Returns the transport used by the client instance.

Returns
TypeDescription
SecretManagerServiceTransportThe transport used by the client instance.

Methods

SecretManagerServiceClient

SecretManagerServiceClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.secretmanager_v1.services.secret_manager_service.transports.base.SecretManagerServiceTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

Instantiates the secret manager service client.

Parameters
NameDescription
credentials Optional[google.auth.credentials.Credentials]

The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.

transport Union[str, SecretManagerServiceTransport]

The transport to use. If set to None, a transport is chosen automatically.

client_options google.api_core.client_options.ClientOptions

Custom options for the client. It won't take effect if a transport instance is provided. (1) The api_endpoint property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT environment variable can also be used to override the endpoint: "always" (always use the default mTLS endpoint), "never" (always use the default regular endpoint) and "auto" (auto switch to the default mTLS endpoint if client certificate is present, this is the default value). However, the api_endpoint property takes precedence if provided. (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "true", then the client_cert_source property can be used to provide client certificate for mutual TLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not set, no client certificate will be used.

client_info google.api_core.gapic_v1.client_info.ClientInfo

The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you're developing your own client library.

Exceptions
TypeDescription
google.auth.exceptions.MutualTLSChannelErrorIf mutual TLS transport creation failed for any reason.

__exit__

__exit__(type, value, traceback)

Releases underlying transport's resources.

access_secret_version

access_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.AccessSecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Accesses a xref_SecretVersion. This call returns the secret data.

projects/*/secrets/*/versions/latest is an alias to the most recently created xref_SecretVersion.

from google.cloud import secretmanager_v1

def sample_access_secret_version():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.AccessSecretVersionRequest(
        name="name_value",
    )

    # Make the request
    response = client.access_secret_version(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.AccessSecretVersionRequest, dict]

The request object. Request message for SecretManagerService.AccessSecretVersion.

name str

Required. The resource name of the SecretVersion in the format projects//secrets//versions/. projects//secrets/*/versions/latest is an alias to the most recently created SecretVersion. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.AccessSecretVersionResponseResponse message for SecretManagerService.AccessSecretVersion.

add_secret_version

add_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.AddSecretVersionRequest, dict]] = None, *, parent: Optional[str] = None, payload: Optional[google.cloud.secretmanager_v1.types.resources.SecretPayload] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Creates a new xref_SecretVersion containing secret data and attaches it to an existing xref_Secret.

from google.cloud import secretmanager_v1

def sample_add_secret_version():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.AddSecretVersionRequest(
        parent="parent_value",
    )

    # Make the request
    response = client.add_secret_version(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.AddSecretVersionRequest, dict]

The request object. Request message for SecretManagerService.AddSecretVersion.

parent str

Required. The resource name of the Secret to associate with the SecretVersion in the format projects//secrets/. This corresponds to the parent field on the request instance; if request is provided, this should not be set.

payload google.cloud.secretmanager_v1.types.SecretPayload

Required. The secret payload of the SecretVersion. This corresponds to the payload field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.SecretVersionA secret version resource in the Secret Manager API.

common_billing_account_path

common_billing_account_path(billing_account: str)

Returns a fully-qualified billing_account string.

common_folder_path

common_folder_path(folder: str)

Returns a fully-qualified folder string.

common_location_path

common_location_path(project: str, location: str)

Returns a fully-qualified location string.

common_organization_path

common_organization_path(organization: str)

Returns a fully-qualified organization string.

common_project_path

common_project_path(project: str)

Returns a fully-qualified project string.

create_secret

create_secret(request: Optional[Union[google.cloud.secretmanager_v1.types.service.CreateSecretRequest, dict]] = None, *, parent: Optional[str] = None, secret_id: Optional[str] = None, secret: Optional[google.cloud.secretmanager_v1.types.resources.Secret] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Creates a new xref_Secret containing no xref_SecretVersions.

from google.cloud import secretmanager_v1

def sample_create_secret():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.CreateSecretRequest(
        parent="parent_value",
        secret_id="secret_id_value",
    )

    # Make the request
    response = client.create_secret(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.CreateSecretRequest, dict]

The request object. Request message for SecretManagerService.CreateSecret.

parent str

Required. The resource name of the project to associate with the Secret, in the format projects/*. This corresponds to the parent field on the request instance; if request is provided, this should not be set.

secret_id str

Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore (_) characters. This corresponds to the secret_id field on the request instance; if request is provided, this should not be set.

secret google.cloud.secretmanager_v1.types.Secret

Required. A Secret with initial field values. This corresponds to the secret field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.SecretA Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data.

delete_secret

delete_secret(request: Optional[Union[google.cloud.secretmanager_v1.types.service.DeleteSecretRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Deletes a xref_Secret.

from google.cloud import secretmanager_v1

def sample_delete_secret():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.DeleteSecretRequest(
        name="name_value",
    )

    # Make the request
    client.delete_secret(request=request)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.DeleteSecretRequest, dict]

The request object. Request message for SecretManagerService.DeleteSecret.

name str

Required. The resource name of the Secret to delete in the format projects//secrets/. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

destroy_secret_version

destroy_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.DestroySecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Destroys a xref_SecretVersion.

Sets the xref_state of the xref_SecretVersion to xref_DESTROYED and irrevocably destroys the secret data.

from google.cloud import secretmanager_v1

def sample_destroy_secret_version():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.DestroySecretVersionRequest(
        name="name_value",
    )

    # Make the request
    response = client.destroy_secret_version(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.DestroySecretVersionRequest, dict]

The request object. Request message for SecretManagerService.DestroySecretVersion.

name str

Required. The resource name of the SecretVersion to destroy in the format projects//secrets//versions/*. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.SecretVersionA secret version resource in the Secret Manager API.

disable_secret_version

disable_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.DisableSecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Disables a xref_SecretVersion.

Sets the xref_state of the xref_SecretVersion to xref_DISABLED.

from google.cloud import secretmanager_v1

def sample_disable_secret_version():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.DisableSecretVersionRequest(
        name="name_value",
    )

    # Make the request
    response = client.disable_secret_version(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.DisableSecretVersionRequest, dict]

The request object. Request message for SecretManagerService.DisableSecretVersion.

name str

Required. The resource name of the SecretVersion to disable in the format projects//secrets//versions/*. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.SecretVersionA secret version resource in the Secret Manager API.

enable_secret_version

enable_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.EnableSecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Enables a xref_SecretVersion.

Sets the xref_state of the xref_SecretVersion to xref_ENABLED.

from google.cloud import secretmanager_v1

def sample_enable_secret_version():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.EnableSecretVersionRequest(
        name="name_value",
    )

    # Make the request
    response = client.enable_secret_version(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.EnableSecretVersionRequest, dict]

The request object. Request message for SecretManagerService.EnableSecretVersion.

name str

Required. The resource name of the SecretVersion to enable in the format projects//secrets//versions/*. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.SecretVersionA secret version resource in the Secret Manager API.

from_service_account_file

from_service_account_file(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
SecretManagerServiceClientThe constructed client.

from_service_account_info

from_service_account_info(info: dict, *args, **kwargs)

Creates an instance of this client using the provided credentials info.

Parameter
NameDescription
info dict

The service account private key info.

Returns
TypeDescription
SecretManagerServiceClientThe constructed client.

from_service_account_json

from_service_account_json(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
SecretManagerServiceClientThe constructed client.

get_iam_policy

get_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.

from google.cloud import secretmanager_v1

def sample_get_iam_policy():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.GetIamPolicyRequest(
        resource="resource_value",
    )

    # Make the request
    response = client.get_iam_policy(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]

The request object. Request message for GetIamPolicy method.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.policy_pb2.PolicyDefines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" developer's="" guide](\="">

get_mtls_endpoint_and_cert_source

get_mtls_endpoint_and_cert_source(
    client_options: Optional[google.api_core.client_options.ClientOptions] = None,
)

Return the API endpoint and client cert source for mutual TLS.

The client cert source is determined in the following order: (1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the client cert source is None. (2) if client_options.client_cert_source is provided, use the provided one; if the default client cert source exists, use the default one; otherwise the client cert source is None.

The API endpoint is determined in the following order: (1) if client_options.api_endpoint if provided, use the provided one. (2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the default mTLS endpoint; if the environment variabel is "never", use the default API endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise use the default API endpoint.

More details can be found at https://google.aip.dev/auth/4114.

Parameter
NameDescription
client_options google.api_core.client_options.ClientOptions

Custom options for the client. Only the api_endpoint and client_cert_source properties may be used in this method.

Exceptions
TypeDescription
google.auth.exceptions.MutualTLSChannelErrorIf any errors happen.
Returns
TypeDescription
Tuple[str, Callable[[], Tuple[bytes, bytes]]]returns the API endpoint and the client cert source to use.

get_secret

get_secret(request: Optional[Union[google.cloud.secretmanager_v1.types.service.GetSecretRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Gets metadata for a given xref_Secret.

from google.cloud import secretmanager_v1

def sample_get_secret():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.GetSecretRequest(
        name="name_value",
    )

    # Make the request
    response = client.get_secret(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.GetSecretRequest, dict]

The request object. Request message for SecretManagerService.GetSecret.

name str

Required. The resource name of the Secret, in the format projects//secrets/. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.SecretA Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data.

get_secret_version

get_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.GetSecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Gets metadata for a xref_SecretVersion.

projects/*/secrets/*/versions/latest is an alias to the most recently created xref_SecretVersion.

from google.cloud import secretmanager_v1

def sample_get_secret_version():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.GetSecretVersionRequest(
        name="name_value",
    )

    # Make the request
    response = client.get_secret_version(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.GetSecretVersionRequest, dict]

The request object. Request message for SecretManagerService.GetSecretVersion.

name str

Required. The resource name of the SecretVersion in the format projects//secrets//versions/. projects//secrets/*/versions/latest is an alias to the most recently created SecretVersion. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.SecretVersionA secret version resource in the Secret Manager API.

list_secret_versions

list_secret_versions(request: Optional[Union[google.cloud.secretmanager_v1.types.service.ListSecretVersionsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Lists xref_SecretVersions. This call does not return secret data.

from google.cloud import secretmanager_v1

def sample_list_secret_versions():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.ListSecretVersionsRequest(
        parent="parent_value",
    )

    # Make the request
    page_result = client.list_secret_versions(request=request)

    # Handle the response
    for response in page_result:
        print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.ListSecretVersionsRequest, dict]

The request object. Request message for SecretManagerService.ListSecretVersions.

parent str

Required. The resource name of the Secret associated with the SecretVersions to list, in the format projects//secrets/. This corresponds to the parent field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretVersionsPagerResponse message for SecretManagerService.ListSecretVersions. Iterating over this object will yield results and resolve additional pages automatically.

list_secrets

list_secrets(request: Optional[Union[google.cloud.secretmanager_v1.types.service.ListSecretsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Lists xref_Secrets.

from google.cloud import secretmanager_v1

def sample_list_secrets():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.ListSecretsRequest(
        parent="parent_value",
    )

    # Make the request
    page_result = client.list_secrets(request=request)

    # Handle the response
    for response in page_result:
        print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.ListSecretsRequest, dict]

The request object. Request message for SecretManagerService.ListSecrets.

parent str

Required. The resource name of the project associated with the Secrets, in the format projects/*. This corresponds to the parent field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretsPagerResponse message for SecretManagerService.ListSecrets. Iterating over this object will yield results and resolve additional pages automatically.

parse_common_billing_account_path

parse_common_billing_account_path(path: str)

Parse a billing_account path into its component segments.

parse_common_folder_path

parse_common_folder_path(path: str)

Parse a folder path into its component segments.

parse_common_location_path

parse_common_location_path(path: str)

Parse a location path into its component segments.

parse_common_organization_path

parse_common_organization_path(path: str)

Parse a organization path into its component segments.

parse_common_project_path

parse_common_project_path(path: str)

Parse a project path into its component segments.

parse_secret_path

parse_secret_path(path: str)

Parses a secret path into its component segments.

parse_secret_version_path

parse_secret_version_path(path: str)

Parses a secret_version path into its component segments.

parse_topic_path

parse_topic_path(path: str)

Parses a topic path into its component segments.

secret_path

secret_path(project: str, secret: str)

Returns a fully-qualified secret string.

secret_version_path

secret_version_path(project: str, secret: str, secret_version: str)

Returns a fully-qualified secret_version string.

set_iam_policy

set_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Sets the access control policy on the specified secret. Replaces any existing policy.

Permissions on xref_SecretVersions are enforced according to the policy set on the associated xref_Secret.

from google.cloud import secretmanager_v1

def sample_set_iam_policy():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.SetIamPolicyRequest(
        resource="resource_value",
    )

    # Make the request
    response = client.set_iam_policy(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]

The request object. Request message for SetIamPolicy method.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.policy_pb2.PolicyDefines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" developer's="" guide](\="">

test_iam_permissions

test_iam_permissions(request: Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

from google.cloud import secretmanager_v1

def sample_test_iam_permissions():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.TestIamPermissionsRequest(
        resource="resource_value",
        permissions=['permissions_value_1', 'permissions_value_2'],
    )

    # Make the request
    response = client.test_iam_permissions(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]

The request object. Request message for TestIamPermissions method.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.iam_policy_pb2.TestIamPermissionsResponseResponse message for TestIamPermissions method.

topic_path

topic_path(project: str, topic: str)

Returns a fully-qualified topic string.

update_secret

update_secret(request: Optional[Union[google.cloud.secretmanager_v1.types.service.UpdateSecretRequest, dict]] = None, *, secret: Optional[google.cloud.secretmanager_v1.types.resources.Secret] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Updates metadata of an existing xref_Secret.

from google.cloud import secretmanager_v1

def sample_update_secret():
    # Create a client
    client = secretmanager_v1.SecretManagerServiceClient()

    # Initialize request argument(s)
    request = secretmanager_v1.UpdateSecretRequest(
    )

    # Make the request
    response = client.update_secret(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.secretmanager_v1.types.UpdateSecretRequest, dict]

The request object. Request message for SecretManagerService.UpdateSecret.

secret google.cloud.secretmanager_v1.types.Secret

Required. Secret with updated field values. This corresponds to the secret field on the request instance; if request is provided, this should not be set.

update_mask google.protobuf.field_mask_pb2.FieldMask

Required. Specifies the fields to be updated. This corresponds to the update_mask field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.secretmanager_v1.types.SecretA Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data.