Accessing the API

Secret Manager exposes a REST API and a gRPC API for using and managing secrets directly or in your applications. This topic shows how to enable the Secret Manager API.

When the Secret Manager API is enabled, you can use the following tools to help integrate Secret Manager into your applications and processes.

  • The Cloud SDK, which provides a command-line interface for managing secrets from clients.
  • Convenient, idiomatic client libraries, which allow you to use secrets in applications written in Go, Python, Java, and other languages, without using the Secret Manager API directly.

Enabling API access

Before you begin using Secret Manager, you must enable API access.

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

    Go to the project selector page

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Enable the required API.

    Enable the API

  5. Install and initialize the Cloud SDK.

After enabling API access, additional configuration may be required, outside of Secret Manager.

  • To access Secret Manager resources from a Compute Engine instance, you must grant the instance the https://www.googleapis.com/auth/cloud-platform OAuth scope. For more information, refer to the Compute Engine documentation.
  • To access Secret Manager resources from App Engine, you must grant the App Engine service the required roles. You can also authenticate as an end user. To learn more, see the App Engine documentation.
  • To learn about authenticating to Google Cloud in different environments, refer to the Authentication overview.

What's next