You can assign aliases to secret versions for easier access. After an alias is assigned, you can access the secret versions using their aliases in the same way that you can access secret versions by their version number.
Required roles
Assigning an alias to a secret version requires the Secret Manager Admin role
(roles/secretmanager.admin
) on the secret, project, folder, or organization.
Assign an alias to a secret version
Console
-
Go to the Secret Manager page in the Google Cloud console.
-
On the Secret Manager page, click on the secret name to go to the Secret details page.
-
In the Secret details page, click
Edit Secret. -
In the Version aliases section, click ADD ALIAS, and then do the following:
-
Specify the alias name.
-
Select the secret version to which you will assign this alias.
-
-
Click UPDATE SECRET.
gcloud
To use Secret Manager on the command line, first Install or upgrade to version 378.0.0 or higher of the Google Cloud CLI. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
$ gcloud secrets update secret-id \
--update-version-aliases=key=value
Replace key with the version alias and value with the secret version number.
C#
To run this code, first set up a C# development environment and install the Secret Manager C# SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Go
To run this code, first set up a Go development environment and install the Secret Manager Go SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Java
To run this code, first set up a Java development environment and install the Secret Manager Java SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Node.js
To run this code, first set up a Node.js development environment and install the Secret Manager Node.js SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
PHP
To run this code, first learn about using PHP on Google Cloud and install the Secret Manager PHP SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Python
To run this code, first set up a Python development environment and install the Secret Manager Python SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Ruby
To run this code, first set up a Ruby development environment and install the Secret Manager Ruby SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
API
These examples use curl to demonstrate using the API. You can generate access tokens with gcloud auth print-access-token. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
$ curl "https://secretmanager.googleapis.com/v1/projects/project-id/secrets/secret-id?updateMask=version_aliases" \
--request "PATCH" \
--header "authorization: Bearer $(gcloud auth print-access-token)" \
--header "content-type: application/json" \
--data "{'version-aliases': {'key': 'value'}}"
Replace key with the version alias and value with the secret version number.
You can view aliases assigned to secret versions either on the OVERVIEW or on the VERSIONS tab of the Secret details page.
What's next
- Learn how to list secret versions and view secret version details.
- Learn how to ensure data integrity when adding and accessing secret versions.