- NAME
-
- gcloud secrets versions access - access a secret version's data
- SYNOPSIS
-
-
gcloud secrets versions access
(VERSION
:--secret
=SECRET
) [--location
=LOCATION
] [--out-file
=OUT-FILE-PATH
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
- Access the data for the specified secret version.
- EXAMPLES
-
Access the data for version 123 of the secret 'my-secret':
gcloud secrets versions access 123 --secret=my-secret
Note: The output will be formatted as UTF-8 which can corrupt binary secrets.
To write raw bytes to a file use --out-file flag:
gcloud secrets versions access 123 --secret=my-secret --out-file=/tmp/secret
To get the raw bytes, have Google Cloud CLI print the response as base64-encoded and decode:
gcloud secrets versions access 123 --secret=my-secret --format='get(payload.data)' | tr '_-' '/+' | base64 -d
- POSITIONAL ARGUMENTS
-
-
Version resource - Numeric secret version to access or a configured alias
(including 'latest' to use the latest version). The arguments in this group can
be used to specify the attributes of this resource. (NOTE) Some attributes are
not given arguments in this group but can be set in other ways.
To set the
project
attribute:-
provide the argument
VERSION
on the command line with a fully specified name; -
provide the argument
--project
on the command line; -
set the property
core/project
.
This must be specified.
VERSION
-
ID of the version or fully qualified identifier for the version.
To set the
version
attribute:-
provide the argument
VERSION
on the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--secret
=SECRET
-
The secret of the version.
To set the
secret
attribute:-
provide the argument
VERSION
on the command line with a fully specified name; -
provide the argument
--secret
on the command line.
-
provide the argument
-
provide the argument
-
Version resource - Numeric secret version to access or a configured alias
(including 'latest' to use the latest version). The arguments in this group can
be used to specify the attributes of this resource. (NOTE) Some attributes are
not given arguments in this group but can be set in other ways.
- FLAGS
-
-
Location resource - The location to access secret. This represents a Cloud
resource. (NOTE) Some attributes are not given arguments in this group but can
be set in other ways.
To set the
project
attribute:-
provide the argument
--location
on the command line with a fully specified name; -
provide the argument
--project
on the command line; -
set the property
core/project
.
--location
=LOCATION
-
ID of the location or fully qualified identifier for the location.
To set the
location
attribute:-
provide the argument
--location
on the command line.
-
provide the argument
-
provide the argument
--out-file
=OUT-FILE-PATH
- File path to which secret data is written. If this flag is not provided secret data will be written to stdout in UTF-8 format.
-
Location resource - The location to access secret. This represents a Cloud
resource. (NOTE) Some attributes are not given arguments in this group but can
be set in other ways.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This variant is also available:
gcloud beta secrets versions access
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-07-02 UTC.