Package google.cloud.secrets.v1beta1

Index

SecretManagerService (interface)
AccessSecretVersionRequest (message)
AccessSecretVersionResponse (message)
AddSecretVersionRequest (message)
CreateSecretRequest (message)
DeleteSecretRequest (message)
DestroySecretVersionRequest (message)
DisableSecretVersionRequest (message)
EnableSecretVersionRequest (message)
GetSecretRequest (message)
GetSecretVersionRequest (message)
ListSecretVersionsRequest (message)
ListSecretVersionsResponse (message)
ListSecretsRequest (message)
ListSecretsResponse (message)
Replication (message)
Replication.Automatic (message)
Replication.UserManaged (message)
Replication.UserManaged.Replica (message)
Secret (message)
SecretPayload (message)
SecretVersion (message)
SecretVersion.State (enum)
UpdateSecretRequest (message)

SecretManagerService

Secret Manager Service

Manages secrets and operations using those secrets. Implements a REST model with the following objects:

Secret
SecretVersion

AccessSecretVersion

AccessSecretVersion
`rpc AccessSecretVersion(AccessSecretVersionRequest) returns (AccessSecretVersionResponse)` Accesses a `SecretVersion`. This call returns the secret data. `projects//secrets//versions/latest` is an alias to the `latest` `SecretVersion`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc AccessSecretVersion(AccessSecretVersionRequest) returns (AccessSecretVersionResponse)

Accesses a SecretVersion. This call returns the secret data.

projects/*/secrets/*/versions/latest is an alias to the latest SecretVersion.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

AddSecretVersion

AddSecretVersion
`rpc AddSecretVersion(AddSecretVersionRequest) returns (SecretVersion)` Creates a new `SecretVersion` containing secret data and attaches it to an existing `Secret`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc AddSecretVersion(AddSecretVersionRequest) returns (SecretVersion)

Creates a new SecretVersion containing secret data and attaches it to an existing Secret.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateSecret

CreateSecret
`rpc CreateSecret(CreateSecretRequest) returns (Secret)` Creates a new `Secret` containing no `SecretVersions`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc CreateSecret(CreateSecretRequest) returns (Secret)

Creates a new Secret containing no SecretVersions.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteSecret

DeleteSecret
`rpc DeleteSecret(DeleteSecretRequest) returns (Empty)` Deletes a `Secret`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeleteSecret(DeleteSecretRequest) returns (Empty)

Deletes a Secret.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DestroySecretVersion

DestroySecretVersion
`rpc DestroySecretVersion(DestroySecretVersionRequest) returns (SecretVersion)` Destroys a `SecretVersion`. Sets the `state` of the `SecretVersion` to `DESTROYED` and irrevocably destroys the secret data. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DestroySecretVersion(DestroySecretVersionRequest) returns (SecretVersion)

Destroys a SecretVersion.

Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DisableSecretVersion

DisableSecretVersion
`rpc DisableSecretVersion(DisableSecretVersionRequest) returns (SecretVersion)` Disables a `SecretVersion`. Sets the `state` of the `SecretVersion` to `DISABLED`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DisableSecretVersion(DisableSecretVersionRequest) returns (SecretVersion)

Disables a SecretVersion.

Sets the state of the SecretVersion to DISABLED.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

EnableSecretVersion

EnableSecretVersion
`rpc EnableSecretVersion(EnableSecretVersionRequest) returns (SecretVersion)` Enables a `SecretVersion`. Sets the `state` of the `SecretVersion` to `ENABLED`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc EnableSecretVersion(EnableSecretVersionRequest) returns (SecretVersion)

Enables a SecretVersion.

Sets the state of the SecretVersion to ENABLED.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetIamPolicy

GetIamPolicy
`rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy)` Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy)

Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetSecret

GetSecret
`rpc GetSecret(GetSecretRequest) returns (Secret)` Gets metadata for a given `Secret`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetSecret(GetSecretRequest) returns (Secret)

Gets metadata for a given Secret.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetSecretVersion

GetSecretVersion
`rpc GetSecretVersion(GetSecretVersionRequest) returns (SecretVersion)` Gets metadata for a `SecretVersion`. `projects//secrets//versions/latest` is an alias to the `latest` `SecretVersion`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetSecretVersion(GetSecretVersionRequest) returns (SecretVersion)

Gets metadata for a SecretVersion.

projects/*/secrets/*/versions/latest is an alias to the latest SecretVersion.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListSecretVersions

ListSecretVersions
`rpc ListSecretVersions(ListSecretVersionsRequest) returns (ListSecretVersionsResponse)` Lists `SecretVersions`. This call does not return secret data. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListSecretVersions(ListSecretVersionsRequest) returns (ListSecretVersionsResponse)

Lists SecretVersions. This call does not return secret data.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListSecrets

ListSecrets
`rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse)` Lists `Secrets`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse)

Lists Secrets.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

SetIamPolicy

SetIamPolicy
`rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy)` Sets the access control policy on the specified secret. Replaces any existing policy. Permissions on `SecretVersions` are enforced according to the policy set on the associated `Secret`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy)

Sets the access control policy on the specified secret. Replaces any existing policy.

Permissions on SecretVersions are enforced according to the policy set on the associated Secret.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

TestIamPermissions

TestIamPermissions
`rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse)` Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse)

Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateSecret

UpdateSecret
`rpc UpdateSecret(UpdateSecretRequest) returns (Secret)` Updates metadata of an existing `Secret`. Authorization Scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc UpdateSecret(UpdateSecretRequest) returns (Secret)

Updates metadata of an existing Secret.

Authorization Scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

AccessSecretVersionRequest

Request message for SecretManagerService.AccessSecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` in the format `projects//secrets//versions/*`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.versions.access`

name

string

Required. The resource name of the SecretVersion in the format projects/*/secrets/*/versions/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.versions.access

AccessSecretVersionResponse

Response message for SecretManagerService.AccessSecretVersion.

Fields

Fields
`name`	`string` The resource name of the `SecretVersion` in the format `projects//secrets//versions/*`.
`payload`	`SecretPayload` Secret payload

name

string

The resource name of the SecretVersion in the format projects/*/secrets/*/versions/*.

payload

SecretPayload

Secret payload

AddSecretVersionRequest

Request message for SecretManagerService.AddSecretVersion.

Fields

Fields
`parent`	`string` Required. The resource name of the `Secret` to associate with the `SecretVersion` in the format `projects//secrets/`. Authorization requires the following IAM permission on the specified resource `parent`: `secretmanager.versions.add`
`payload`	`SecretPayload` Required. The secret payload of the `SecretVersion`.

parent

string

Required. The resource name of the Secret to associate with the SecretVersion in the format projects/*/secrets/*.

Authorization requires the following IAM permission on the specified resource parent:

secretmanager.versions.add

payload

SecretPayload

Required. The secret payload of the SecretVersion.

CreateSecretRequest

Request message for SecretManagerService.CreateSecret.

Fields

Fields
`parent`	`string` Required. The resource name of the project to associate with the `Secret`, in the format `projects/*`. Authorization requires the following IAM permission on the specified resource `parent`: `secretmanager.secrets.create`
`secret_id`	`string` Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
`secret`	`Secret` Required. A `Secret` with initial field values.

parent

string

Required. The resource name of the project to associate with the Secret, in the format projects/*.

Authorization requires the following IAM permission on the specified resource parent:

secretmanager.secrets.create

secret_id

string

Required. This must be unique within the project.

A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore (_) characters.

secret

Secret

Required. A Secret with initial field values.

DeleteSecretRequest

Request message for SecretManagerService.DeleteSecret.

Fields

Fields
`name`	`string` Required. The resource name of the `Secret` to delete in the format `projects//secrets/`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.secrets.delete`

name

string

Required. The resource name of the Secret to delete in the format projects/*/secrets/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.secrets.delete

DestroySecretVersionRequest

Request message for SecretManagerService.DestroySecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` to destroy in the format `projects//secrets//versions/*`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.versions.destroy`

name

string

Required. The resource name of the SecretVersion to destroy in the format projects/*/secrets/*/versions/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.versions.destroy

DisableSecretVersionRequest

Request message for SecretManagerService.DisableSecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` to disable in the format `projects//secrets//versions/*`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.secrets.disable`

name

string

Required. The resource name of the SecretVersion to disable in the format projects/*/secrets/*/versions/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.secrets.disable

EnableSecretVersionRequest

Request message for SecretManagerService.EnableSecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` to enable in the format `projects//secrets//versions/*`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.secrets.enable`

name

string

Required. The resource name of the SecretVersion to enable in the format projects/*/secrets/*/versions/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.secrets.enable

GetSecretRequest

Request message for SecretManagerService.GetSecret.

Fields

Fields
`name`	`string` Required. The resource name of the `Secret`, in the format `projects//secrets/`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.secrets.get`

name

string

Required. The resource name of the Secret, in the format projects/*/secrets/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.secrets.get

GetSecretVersionRequest

Request message for SecretManagerService.GetSecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` in the format `projects//secrets//versions/`. `projects//secrets/*/versions/latest` is an alias to the `latest` `SecretVersion`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.versions.get`

name

string

Required. The resource name of the SecretVersion in the format projects/*/secrets/*/versions/*. projects/*/secrets/*/versions/latest is an alias to the latest SecretVersion.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.versions.get

ListSecretVersionsRequest

Request message for SecretManagerService.ListSecretVersions.

Fields

Fields
`parent`	`string` Required. The resource name of the `Secret` associated with the `SecretVersions` to list, in the format `projects//secrets/`. Authorization requires the following IAM permission on the specified resource `parent`: `secretmanager.versions.list`
`page_size`	`int32` Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`page_token`	`string` Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].

parent

string

Required. The resource name of the Secret associated with the SecretVersions to list, in the format projects/*/secrets/*.

Authorization requires the following IAM permission on the specified resource parent:

secretmanager.versions.list

page_size

int32

Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.

page_token

string

Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].

ListSecretVersionsResponse

Response message for SecretManagerService.ListSecretVersions.

Fields

Fields
`versions[]`	`SecretVersion` The list of `SecretVersions` sorted in reverse by create_time (newest first).
`next_page_token`	`string` A token to retrieve the next page of results. Pass this value in `ListSecretVersionsRequest.page_token` to retrieve the next page.
`total_size`	`int32` The total number of `SecretVersions`.

versions[]

SecretVersion

The list of SecretVersions sorted in reverse by create_time (newest first).

next_page_token

string

A token to retrieve the next page of results. Pass this value in ListSecretVersionsRequest.page_token to retrieve the next page.

total_size

int32

The total number of SecretVersions.

ListSecretsRequest

Request message for SecretManagerService.ListSecrets.

Fields

Fields
`parent`	`string` Required. The resource name of the project associated with the `Secrets`, in the format `projects/*`. Authorization requires the following IAM permission on the specified resource `parent`: `secretmanager.secrets.list`
`page_size`	`int32` Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`page_token`	`string` Optional. Pagination token, returned earlier via `ListSecretsResponse.next_page_token`.

parent

string

Required. The resource name of the project associated with the Secrets, in the format projects/*.

Authorization requires the following IAM permission on the specified resource parent:

secretmanager.secrets.list

page_size

int32

Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.

page_token

string

Optional. Pagination token, returned earlier via ListSecretsResponse.next_page_token.

ListSecretsResponse

Response message for SecretManagerService.ListSecrets.

Fields

Fields
`secrets[]`	`Secret` The list of `Secrets` sorted in reverse by create_time (newest first).
`next_page_token`	`string` A token to retrieve the next page of results. Pass this value in `ListSecretsRequest.page_token` to retrieve the next page.
`total_size`	`int32` The total number of `Secrets`.

secrets[]

Secret

The list of Secrets sorted in reverse by create_time (newest first).

next_page_token

string

A token to retrieve the next page of results. Pass this value in ListSecretsRequest.page_token to retrieve the next page.

total_size

int32

The total number of Secrets.

Replication

A policy that defines the replication configuration of data.

Fields

Fields
Union field `replication`. The replication policy for this secret. `replication` can be only one of the following:
`automatic`	`Automatic` The `Secret` will automatically be replicated without any restrictions.
`user_managed`	`UserManaged` The `Secret` will only be replicated into the locations specified.

Union field replication. The replication policy for this secret. replication can be only one of the following:

automatic

Automatic

The Secret will automatically be replicated without any restrictions.

user_managed

UserManaged

The Secret will only be replicated into the locations specified.

Automatic

A replication policy that replicates the Secret payload without any restrictions.

UserManaged

A replication policy that replicates the Secret payload into the locations specified in [Secret.replication.user_managed.replicas][]

Fields

Fields
`replicas[]`	`Replica` Required. The list of Replicas for this `Secret`. Cannot be empty.

replicas[]

Replica

Required. The list of Replicas for this Secret.

Cannot be empty.

Replica

Represents a Replica for this Secret.

Fields

Fields
`location`	`string` The canonical IDs of the location to replicate data. For example: `"us-east1"`.

location

string

The canonical IDs of the location to replicate data. For example: "us-east1".

Secret

A Secret is a logical secret whose value and versions can be accessed.

A Secret is made up of zero or more SecretVersions that represent the secret data.

Fields
`name`	`string` Output only. The resource name of the `Secret` in the format `projects//secrets/`.
`replication`	`Replication` Required. Immutable. The replication policy of the secret data attached to the `Secret`. The replication policy cannot be changed after the Secret has been created.
`create_time`	`Timestamp` Output only. The time at which the `Secret` was created.
`labels`	`map<string, string>` The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.

SecretPayload

A secret payload resource in the Secret Manager API. This contains the sensitive secret data that is associated with a SecretVersion.

Fields

Fields
`data`	`bytes` The secret data. Must be no larger than 64KiB.

data

bytes

The secret data. Must be no larger than 64KiB.

SecretVersion

A secret version resource in the Secret Manager API.

Fields
`name`	`string` Output only. The resource name of the `SecretVersion` in the format `projects//secrets//versions/*`. `SecretVersion` IDs in a `Secret` start at 1 and are incremented for each subsequent version of the secret.
`create_time`	`Timestamp` Output only. The time at which the `SecretVersion` was created.
`destroy_time`	`Timestamp` Output only. The time this `SecretVersion` was destroyed. Only present if `state` is `DESTROYED`.
`state`	`State` Output only. The current state of the `SecretVersion`.

State

The state of a SecretVersion, indicating if it can be accessed.

Enums
`STATE_UNSPECIFIED`	Not specified. This value is unused and invalid.
`ENABLED`	The `SecretVersion` may be accessed.
`DISABLED`	The `SecretVersion` may not be accessed, but the secret data is still available and can be placed back into the `ENABLED` state.
`DESTROYED`	The `SecretVersion` is destroyed and the secret data is no longer stored. A version may not leave this state once entered.

UpdateSecretRequest

Request message for SecretManagerService.UpdateSecret.

Fields

Fields
`secret`	`Secret` Required. `Secret` with updated field values. Authorization requires the following IAM permission on the specified resource `secret`: `secretmanager.secrets.update`
`update_mask`	`FieldMask` Required. Specifies the fields to be updated.

secret

Secret

Required. Secret with updated field values.

Authorization requires the following IAM permission on the specified resource secret:

secretmanager.secrets.update

update_mask

FieldMask

Required. Specifies the fields to be updated.