Create a parameter

This page describes how to create a parameter. A parameter acts as a dynamic variable for your application, holding key configuration values like database connection strings, feature flags, or service endpoints.

Parameters can store various types of data, including:

  • Structured data like YAML or JSON for organized, machine-readable information.
  • Unstructured data such as plain text or binary content.

You can create both global and regional parameters in Parameter Manager.

The following table explains the key differences between the global and regional parameters.

Feature Global parameters Regional parameters
Storage Stored centrally Stored within a specific location
Access Standard API endpoint Regional endpoint corresponding to the location of the parameter
Use cases

Parameters that apply to your application or service regardless of where the application or service is running:

  • Default language settings
  • API keys

Parameters that vary based on the location where your application is deployed:

  • Database connection strings for a regional database instance
  • Feature flags that are enabled or disabled for specific locations

Before you begin

  1. Prepare your environment for Parameter Manager.

  2. If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs.

    Select the tab for how you plan to use the samples on this page:

    gcloud

    In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

    REST

    To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

      Install the Google Cloud CLI, then initialize it by running the following command: 

      gcloud init

    For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

Required roles

To get the permissions that you need to create a parameter, ask your administrator to grant you the Parameter Manager Admin (roles/parametermanager.parameterAdmin) IAM role on the project, folder, or organization. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create a parameter to store structured data

To create a parameter for storing structured data, use the following command:

gcloud

Create a global parameter

Before using any of the command data below, make the following replacements:

  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.
  • FORMAT: the data type or format of the parameter's value, such as YAML or JSON.

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud beta parametermanager parameters create PARAMETER_ID --location=global --parameter-format=FORMAT

Windows (PowerShell)

gcloud beta parametermanager parameters create PARAMETER_ID --location=global --parameter-format=FORMAT

Windows (cmd.exe)

gcloud beta parametermanager parameters create PARAMETER_ID --location=global --parameter-format=FORMAT

You should receive a response similar to the following:

Created parameter [app_config].

Create a regional parameter

Before using any of the command data below, make the following replacements:

  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.
  • LOCATION: the Google Cloud location of the parameter.
  • FORMAT: the data type or format of the parameter's value, such as YAML or JSON.

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud beta parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=FORMAT

Windows (PowerShell)

gcloud beta parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=FORMAT

Windows (cmd.exe)

gcloud beta parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=FORMAT

You should receive a response similar to the following:

Created parameter [app_config].

REST

Create a global parameter

Before using any of the request data, make the following replacements:

  • PROJECT_ID: the Google Cloud project ID.
  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

HTTP method and URL: 

POST https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID

Request JSON body: 

{"format": "YAML"}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command: 

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command: 

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{
  "name": "projects/production-1/locations/global/parameters/app_config",
  "createTime": "2024-10-15T08:39:05.191747694Z",
  "updateTime": "2024-10-15T08:39:05.191747694Z",
  "format": "YAML",
  "policyMember": {
    "iamPolicyUidPrincipal": "principal://parametermanager.googleapis.com/projects/567445493557/uid/locations/global/parameters/c86ca5bc-f4c2-439d-b62c-d578b4b78b12"
  }
}

Create a regional parameter

Before using any of the request data, make the following replacements:

  • LOCATION: the Google Cloud location of the parameter.
  • PROJECT_ID: the Google Cloud project ID.
  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

HTTP method and URL: 

POST https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID

Request JSON body: 

{"format": "YAML"}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command: 

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command: 

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{
  "name": "projects/production-1/locations/us-central1/parameters/app_config",
  "createTime": "2024-10-30T05:27:28.934719122Z",
  "updateTime": "2024-10-30T05:27:28.934719122Z",
  "format": "YAML",
  "policyMember": {
    "iamPolicyUidPrincipal": "principal://parametermanager.googleapis.com/projects/463050620945/uid/locations/us-central1/parameters/6ffe4045-0778-490a-a786-d77b124e2613"
  }
}

Create a parameter to store unstructured data

To create a parameter for storing unstructured data, use the following command:

gcloud

Create a global parameter

Before using any of the command data below, make the following replacements:

  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud beta parametermanager parameters create PARAMETER_ID --location=global --parameter-format=UNFORMATTED

Windows (PowerShell)

gcloud beta parametermanager parameters create PARAMETER_ID --location=global --parameter-format=UNFORMATTED

Windows (cmd.exe)

gcloud beta parametermanager parameters create PARAMETER_ID --location=global --parameter-format=UNFORMATTED

You should receive a response similar to the following:

Created parameter [allowed_ip_ranges].

Create a regional parameter

Before using any of the command data below, make the following replacements:

  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.
  • LOCATION: the Google Cloud location of the parameter.

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud beta parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=UNFORMATTED

Windows (PowerShell)

gcloud beta parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=UNFORMATTED

Windows (cmd.exe)

gcloud beta parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=UNFORMATTED

You should receive a response similar to the following:

Created parameter [allowed_ip_ranges].

REST

Create a global parameter

Before using any of the request data, make the following replacements:

  • PROJECT_ID: the Google Cloud project ID.
  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

HTTP method and URL: 

POST https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID

Request JSON body: 

{"format": "UNFORMATTED"}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command: 

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command: 

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{
  "name": "projects/production-1/locations/global/parameters/allowed_ip_ranges",
  "createTime": "2024-10-15T08:31:53.250487112Z",
  "updateTime": "2024-10-15T08:31:53.250487112Z",
  "format": "UNFORMATTED",
  "policyMember": {
    "iamPolicyUidPrincipal": "principal://parametermanager.googleapis.com/projects/567445493557/uid/locations/global/parameters/c0100d79-7c8d-4da3-8eb6-fe2a35843d9b"
  }
}

Create a regional parameter

Before using any of the request data, make the following replacements:

  • LOCATION: the Google Cloud location of the parameter.
  • PROJECT_ID: the Google Cloud project ID.
  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

HTTP method and URL: 

POST https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID

Request JSON body: 

{"format": "UNFORMATTED"}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command: 

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command: 

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{
  "name": "projects/production-1/locations/europe-west1/parameters/allowed_ip_ranges",
  "createTime": "2024-11-08T08:33:05.255559134Z",
  "updateTime": "2024-11-08T08:33:05.255559134Z",
  "format": "UNFORMATTED",
  "policyMember": {
    "iamPolicyUidPrincipal": "principal://parametermanager.googleapis.com/projects/609765466568/uid/locations/europe-west1/parameters/a7787f0d-b033-4f7e-aec0-e8ca4d0b1476"
  }
}

Built-in identities for parameters

Parameters are resource types with built-in identities. This means that each parameter has a unique identifier that distinguishes it from all other resources in your Google Cloud project. This unique identifier is automatically generated when you create a parameter and stored in the iamPolicyUidPrincipal field of the parameter resource.

You can grant roles to the parameter by including the resource's principal identifier in your allow policies when you want the parameter to access Secret Manager resources. For more information, see Built-in identities for resources.

What's next