REST Resource: projects.secrets.versions

Resource: SecretVersion

A secret version resource in the Secret Manager API.

JSON representation
{
  "name": string,
  "createTime": string,
  "destroyTime": string,
  "state": enum (State),
  "replicationStatus": {
    object (ReplicationStatus)
  },
  "etag": string,
  "clientSpecifiedPayloadChecksum": boolean
}
Fields
name

string

Output only. The resource name of the SecretVersion in the format projects/*/secrets/*/versions/*.

SecretVersion IDs in a Secret start at 1 and are incremented for each subsequent version of the secret.

createTime

string (Timestamp format)

Output only. The time at which the SecretVersion was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

destroyTime

string (Timestamp format)

Output only. The time this SecretVersion was destroyed. Only present if state is DESTROYED.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

state

enum (State)

Output only. The current state of the SecretVersion.

replicationStatus

object (ReplicationStatus)

The replication status of the SecretVersion.

etag

string

Output only. Etag of the currently stored SecretVersion.

clientSpecifiedPayloadChecksum

boolean

Output only. True if payload checksum specified in SecretPayload object has been received by SecretManagerService on SecretManagerService.AddSecretVersion.

State

The state of a SecretVersion, indicating if it can be accessed.

Enums
STATE_UNSPECIFIED Not specified. This value is unused and invalid.
ENABLED The SecretVersion may be accessed.
DISABLED The SecretVersion may not be accessed, but the secret data is still available and can be placed back into the ENABLED state.
DESTROYED The SecretVersion is destroyed and the secret data is no longer stored. A version may not leave this state once entered.

ReplicationStatus

The replication status of a SecretVersion.

JSON representation
{

  // Union field replication_status can be only one of the following:
  "automatic": {
    object (AutomaticStatus)
  },
  "userManaged": {
    object (UserManagedStatus)
  }
  // End of list of possible types for union field replication_status.
}
Fields
Union field replication_status. The replication status of the SecretVersion. replication_status can be only one of the following:
automatic

object (AutomaticStatus)

Describes the replication status of a SecretVersion with automatic replication.

Only populated if the parent Secret has an automatic replication policy.

userManaged

object (UserManagedStatus)

Describes the replication status of a SecretVersion with user-managed replication.

Only populated if the parent Secret has a user-managed replication policy.

AutomaticStatus

The replication status of a SecretVersion using automatic replication.

Only populated if the parent Secret has an automatic replication policy.

JSON representation
{
  "customerManagedEncryption": {
    object (CustomerManagedEncryptionStatus)
  }
}
Fields
customerManagedEncryption

object (CustomerManagedEncryptionStatus)

Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.

CustomerManagedEncryptionStatus

Describes the status of customer-managed encryption.

JSON representation
{
  "kmsKeyVersionName": string
}
Fields
kmsKeyVersionName

string

Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*.

UserManagedStatus

The replication status of a SecretVersion using user-managed replication.

Only populated if the parent Secret has a user-managed replication policy.

JSON representation
{
  "replicas": [
    {
      object (ReplicaStatus)
    }
  ]
}
Fields
replicas[]

object (ReplicaStatus)

Output only. The list of replica statuses for the SecretVersion.

ReplicaStatus

Describes the status of a user-managed replica for the SecretVersion.

JSON representation
{
  "location": string,
  "customerManagedEncryption": {
    object (CustomerManagedEncryptionStatus)
  }
}
Fields
location

string

Output only. The canonical ID of the replica location. For example: "us-east1".

customerManagedEncryption

object (CustomerManagedEncryptionStatus)

Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.

Methods

access

Accesses a SecretVersion.

destroy

Destroys a SecretVersion.

disable

Disables a SecretVersion.

enable

Enables a SecretVersion.

get

Gets metadata for a SecretVersion.

list

Lists SecretVersions.