SecretManagerServiceClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.secretmanager_v1.services.secret_manager_service.transports.base.SecretManagerServiceTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Secret Manager Service
Manages secrets and operations using those secrets. Implements a REST model with the following objects:
- Secret
- SecretVersion
Properties
transport
Returns the transport used by the client instance.
Returns | |
---|---|
Type | Description |
SecretManagerServiceTransport | The transport used by the client instance. |
Methods
SecretManagerServiceClient
SecretManagerServiceClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.secretmanager_v1.services.secret_manager_service.transports.base.SecretManagerServiceTransport]] = None, client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiates the secret manager service client.
Parameters | |
---|---|
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Union[str, SecretManagerServiceTransport]
The transport to use. If set to None, a transport is chosen automatically. |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. It won't take effect if a |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. |
__exit__
__exit__(type, value, traceback)
Releases underlying transport's resources.
access_secret_version
access_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.AccessSecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Accesses a xref_SecretVersion. This call returns the secret data.
projects/*/secrets/*/versions/latest
is an alias to the most
recently created
xref_SecretVersion.
from google.cloud import secretmanager_v1
def sample_access_secret_version():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.AccessSecretVersionRequest(
name="name_value",
)
# Make the request
response = client.access_secret_version(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.AccessSecretVersionRequest, dict]
The request object. Request message for SecretManagerService.AccessSecretVersion. |
name |
str
Required. The resource name of the SecretVersion in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.AccessSecretVersionResponse | Response message for SecretManagerService.AccessSecretVersion. |
add_secret_version
add_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.AddSecretVersionRequest, dict]] = None, *, parent: Optional[str] = None, payload: Optional[google.cloud.secretmanager_v1.types.resources.SecretPayload] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a new xref_SecretVersion containing secret data and attaches it to an existing xref_Secret.
from google.cloud import secretmanager_v1
def sample_add_secret_version():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.AddSecretVersionRequest(
parent="parent_value",
)
# Make the request
response = client.add_secret_version(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.AddSecretVersionRequest, dict]
The request object. Request message for SecretManagerService.AddSecretVersion. |
parent |
str
Required. The resource name of the Secret to associate with the SecretVersion in the format |
payload |
google.cloud.secretmanager_v1.types.SecretPayload
Required. The secret payload of the SecretVersion. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.SecretVersion | A secret version resource in the Secret Manager API. |
common_billing_account_path
common_billing_account_path(billing_account: str)
Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str)
Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str)
Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str)
Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str)
Returns a fully-qualified project string.
create_secret
create_secret(request: Optional[Union[google.cloud.secretmanager_v1.types.service.CreateSecretRequest, dict]] = None, *, parent: Optional[str] = None, secret_id: Optional[str] = None, secret: Optional[google.cloud.secretmanager_v1.types.resources.Secret] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Creates a new xref_Secret containing no xref_SecretVersions.
from google.cloud import secretmanager_v1
def sample_create_secret():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.CreateSecretRequest(
parent="parent_value",
secret_id="secret_id_value",
)
# Make the request
response = client.create_secret(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.CreateSecretRequest, dict]
The request object. Request message for SecretManagerService.CreateSecret. |
parent |
str
Required. The resource name of the project to associate with the Secret, in the format |
secret_id |
str
Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen ( |
secret |
google.cloud.secretmanager_v1.types.Secret
Required. A Secret with initial field values. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.Secret | A Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data. |
delete_secret
delete_secret(request: Optional[Union[google.cloud.secretmanager_v1.types.service.DeleteSecretRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Deletes a xref_Secret.
from google.cloud import secretmanager_v1
def sample_delete_secret():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.DeleteSecretRequest(
name="name_value",
)
# Make the request
client.delete_secret(request=request)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.DeleteSecretRequest, dict]
The request object. Request message for SecretManagerService.DeleteSecret. |
name |
str
Required. The resource name of the Secret to delete in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
destroy_secret_version
destroy_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.DestroySecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Destroys a xref_SecretVersion.
Sets the xref_state of the xref_SecretVersion to xref_DESTROYED and irrevocably destroys the secret data.
from google.cloud import secretmanager_v1
def sample_destroy_secret_version():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.DestroySecretVersionRequest(
name="name_value",
)
# Make the request
response = client.destroy_secret_version(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.DestroySecretVersionRequest, dict]
The request object. Request message for SecretManagerService.DestroySecretVersion. |
name |
str
Required. The resource name of the SecretVersion to destroy in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.SecretVersion | A secret version resource in the Secret Manager API. |
disable_secret_version
disable_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.DisableSecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Disables a xref_SecretVersion.
Sets the xref_state of the xref_SecretVersion to xref_DISABLED.
from google.cloud import secretmanager_v1
def sample_disable_secret_version():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.DisableSecretVersionRequest(
name="name_value",
)
# Make the request
response = client.disable_secret_version(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.DisableSecretVersionRequest, dict]
The request object. Request message for SecretManagerService.DisableSecretVersion. |
name |
str
Required. The resource name of the SecretVersion to disable in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.SecretVersion | A secret version resource in the Secret Manager API. |
enable_secret_version
enable_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.EnableSecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Enables a xref_SecretVersion.
Sets the xref_state of the xref_SecretVersion to xref_ENABLED.
from google.cloud import secretmanager_v1
def sample_enable_secret_version():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.EnableSecretVersionRequest(
name="name_value",
)
# Make the request
response = client.enable_secret_version(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.EnableSecretVersionRequest, dict]
The request object. Request message for SecretManagerService.EnableSecretVersion. |
name |
str
Required. The resource name of the SecretVersion to enable in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.SecretVersion | A secret version resource in the Secret Manager API. |
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
SecretManagerServiceClient | The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)
Creates an instance of this client using the provided credentials info.
Parameter | |
---|---|
Name | Description |
info |
dict
The service account private key info. |
Returns | |
---|---|
Type | Description |
SecretManagerServiceClient | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
SecretManagerServiceClient | The constructed client. |
get_iam_policy
get_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.
from google.cloud import secretmanager_v1
def sample_get_iam_policy():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.GetIamPolicyRequest(
resource="resource_value",
)
# Make the request
response = client.get_iam_policy(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.iam.v1.policy_pb2.Policy | Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" developer's="" guide](\=""> |
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
client_options: Optional[google.api_core.client_options.ClientOptions] = None,
)
Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is not "true", the
client cert source is None.
(2) if client_options.client_cert_source
is provided, use the provided one; if the
default client cert source exists, use the default one; otherwise the client cert
source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint
if provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is "always", use the
default mTLS endpoint; if the environment variabel is "never", use the default API
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
Parameter | |
---|---|
Name | Description |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. Only the |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If any errors happen. |
Returns | |
---|---|
Type | Description |
Tuple[str, Callable[[], Tuple[bytes, bytes]]] | returns the API endpoint and the client cert source to use. |
get_secret
get_secret(request: Optional[Union[google.cloud.secretmanager_v1.types.service.GetSecretRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets metadata for a given xref_Secret.
from google.cloud import secretmanager_v1
def sample_get_secret():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.GetSecretRequest(
name="name_value",
)
# Make the request
response = client.get_secret(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.GetSecretRequest, dict]
The request object. Request message for SecretManagerService.GetSecret. |
name |
str
Required. The resource name of the Secret, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.Secret | A Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data. |
get_secret_version
get_secret_version(request: Optional[Union[google.cloud.secretmanager_v1.types.service.GetSecretVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets metadata for a xref_SecretVersion.
projects/*/secrets/*/versions/latest
is an alias to the most
recently created
xref_SecretVersion.
from google.cloud import secretmanager_v1
def sample_get_secret_version():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.GetSecretVersionRequest(
name="name_value",
)
# Make the request
response = client.get_secret_version(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.GetSecretVersionRequest, dict]
The request object. Request message for SecretManagerService.GetSecretVersion. |
name |
str
Required. The resource name of the SecretVersion in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.SecretVersion | A secret version resource in the Secret Manager API. |
list_secret_versions
list_secret_versions(request: Optional[Union[google.cloud.secretmanager_v1.types.service.ListSecretVersionsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists xref_SecretVersions. This call does not return secret data.
from google.cloud import secretmanager_v1
def sample_list_secret_versions():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.ListSecretVersionsRequest(
parent="parent_value",
)
# Make the request
page_result = client.list_secret_versions(request=request)
# Handle the response
for response in page_result:
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.ListSecretVersionsRequest, dict]
The request object. Request message for SecretManagerService.ListSecretVersions. |
parent |
str
Required. The resource name of the Secret associated with the SecretVersions to list, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretVersionsPager | Response message for SecretManagerService.ListSecretVersions. Iterating over this object will yield results and resolve additional pages automatically. |
list_secrets
list_secrets(request: Optional[Union[google.cloud.secretmanager_v1.types.service.ListSecretsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Lists xref_Secrets.
from google.cloud import secretmanager_v1
def sample_list_secrets():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.ListSecretsRequest(
parent="parent_value",
)
# Make the request
page_result = client.list_secrets(request=request)
# Handle the response
for response in page_result:
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.ListSecretsRequest, dict]
The request object. Request message for SecretManagerService.ListSecrets. |
parent |
str
Required. The resource name of the project associated with the Secrets, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.services.secret_manager_service.pagers.ListSecretsPager | Response message for SecretManagerService.ListSecrets. Iterating over this object will yield results and resolve additional pages automatically. |
parse_common_billing_account_path
parse_common_billing_account_path(path: str)
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str)
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str)
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str)
Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str)
Parse a project path into its component segments.
parse_secret_path
parse_secret_path(path: str)
Parses a secret path into its component segments.
parse_secret_version_path
parse_secret_version_path(path: str)
Parses a secret_version path into its component segments.
parse_topic_path
parse_topic_path(path: str)
Parses a topic path into its component segments.
secret_path
secret_path(project: str, secret: str)
Returns a fully-qualified secret string.
secret_version_path
secret_version_path(project: str, secret: str, secret_version: str)
Returns a fully-qualified secret_version string.
set_iam_policy
set_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Sets the access control policy on the specified secret. Replaces any existing policy.
Permissions on xref_SecretVersions are enforced according to the policy set on the associated xref_Secret.
from google.cloud import secretmanager_v1
def sample_set_iam_policy():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.SetIamPolicyRequest(
resource="resource_value",
)
# Make the request
response = client.set_iam_policy(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.iam.v1.policy_pb2.Policy | Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" developer's="" guide](\=""> |
test_iam_permissions
test_iam_permissions(request: Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
from google.cloud import secretmanager_v1
def sample_test_iam_permissions():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.TestIamPermissionsRequest(
resource="resource_value",
permissions=['permissions_value_1', 'permissions_value_2'],
)
# Make the request
response = client.test_iam_permissions(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse | Response message for TestIamPermissions method. |
topic_path
topic_path(project: str, topic: str)
Returns a fully-qualified topic string.
update_secret
update_secret(request: Optional[Union[google.cloud.secretmanager_v1.types.service.UpdateSecretRequest, dict]] = None, *, secret: Optional[google.cloud.secretmanager_v1.types.resources.Secret] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Updates metadata of an existing xref_Secret.
from google.cloud import secretmanager_v1
def sample_update_secret():
# Create a client
client = secretmanager_v1.SecretManagerServiceClient()
# Initialize request argument(s)
request = secretmanager_v1.UpdateSecretRequest(
)
# Make the request
response = client.update_secret(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.secretmanager_v1.types.UpdateSecretRequest, dict]
The request object. Request message for SecretManagerService.UpdateSecret. |
secret |
google.cloud.secretmanager_v1.types.Secret
Required. Secret with updated field values. This corresponds to the |
update_mask |
google.protobuf.field_mask_pb2.FieldMask
Required. Specifies the fields to be updated. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
google.cloud.secretmanager_v1.types.Secret | A Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data. |