Connector for Secret Manager
Stay organized with collections
Save and categorize content based on your preferences.
Workflows connector that defines the built-in function used to access Secret Manager within a workflow.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Connector for Secret Manager\n\nWorkflows connector that defines the built-in function used to access Secret Manager within a workflow.\n\nExplore further\n---------------\n\n\nFor detailed documentation that includes this code sample, see the following:\n\n- [Secret Manager API Connector Overview](/workflows/docs/reference/googleapis/secretmanager/Overview)\n- [Secure and store sensitive data using the Secret Manager connector](/workflows/docs/use-secret-manager)\n\nCode sample\n-----------\n\n### YAML\n\n # This workflow demonstrates how to use the Secret Manager connector:\n # Retrieve a secret using three different methods\n # Expected output: the secret data (thrice)\n - init:\n assign:\n - project_id: ${sys.get_env(\"GOOGLE_CLOUD_PROJECT_ID\")}\n - secret_id: \"test-secret\" # Make sure you have this secret and it has a version of 1.\n - version: \"1\"\n # Add data to an existing secret without base-64 encoding\n - add_version_string:\n call: googleapis.secretmanager.v1.projects.secrets.addVersionString\n args:\n secret_id: ${secret_id}\n project_id: ${project_id}\n data: \"a new secret\"\n # Retrieve the secret in string format without base-64 decoding and assume\n # that the secret data is a valid UTF-8 string; if not, raise an error\n - access_string_secret:\n call: googleapis.secretmanager.v1.projects.secrets.versions.accessString\n args:\n secret_id: ${secret_id}\n version: ${version} # if not set, \"latest\" is used\n project_id: ${project_id}\n result: str_secret\n # Retrieve the secret in string format without base-64 decoding\n - access_secret:\n call: googleapis.secretmanager.v1.projects.secrets.versions.access\n args:\n name: ${\"projects/\" + project_id + \"/secrets/\" + secret_id + \"/versions/\" + version}\n result: base64_encoded_secret\n # Retrieve the secret using positional arguments in an expression\n - expression:\n assign:\n - secret_str_from_exp: ${googleapis.secretmanager.v1.projects.secrets.versions.accessString(secret_id, version, project_id)}\n - the_end:\n return:\n - ${str_secret}\n - ${text.decode(base64.decode(base64_encoded_secret.payload.data))}\n - ${secret_str_from_exp}\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=workflows)."]]