secrets
Creates, updates, deletes, gets or lists a `secrets` resource.
Overview
Name | secrets |
Type | Resource |
Id | google.secretmanager.secrets |
Fields
Name | Datatype | Description |
---|---|---|
name | string | Output only. The resource name of the Secret in the format projects/*/secrets/* . |
annotations | object | Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB. |
createTime | string | Output only. The time at which the Secret was created. |
customerManagedEncryption | object | Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK). |
etag | string | Optional. Etag of the currently stored Secret. |
expireTime | string | Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. |
labels | object | The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}`. Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`. No more than 64 labels can be assigned to a given resource. |
replication | object | A policy that defines the replication and encryption configuration of data. |
rotation | object | The rotation time and period for a Secret. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. Secret.topics must be set to configure rotation. |
topics | array | Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. |
ttl | string | Input only. The TTL for the Secret. |
versionAliases | object | Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore (_) characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-alias pairs are viewable via GetSecret and modifiable via UpdateSecret. Access by alias is only supported on GetSecretVersion and AccessSecretVersion. |
versionDestroyTtl | string | Optional. Secret version TTL after a destruction request. This is part of the delayed secret version destroy feature. For a secret with TTL > 0, version destruction does not happen immediately on calling destroy; instead, the version goes to a disabled state and destruction happens after the TTL expires. |
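
The following pre-flight check is an added example, not part of the StackQL provider or Google's client code. It applies the annotation, version alias, topic and rotation constraints from the Fields table to a secret's properties before they are sent in an INSERT or UPDATE. The function name, error strings and sample values are assumptions, as is measuring annotation size as a UTF-8 byte sum.

```python
import re

# Limits transcribed from the Fields table above; all names here are
# assumptions made for this example, not StackQL or Google identifiers.
ANNOTATION_KEY = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?")
ALIAS = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")
RESERVED_ALIASES = {"latest", "NEW"}


def validate_secret(props):
    """Return the list of constraint violations found in a props dict."""
    errors = []
    total = 0
    for key, value in (props.get("annotations") or {}).items():
        key_bytes = len(key.encode("utf-8"))
        # Assumption: total size is the UTF-8 byte sum of keys and values.
        total += key_bytes + len(str(value).encode("utf-8"))
        if not 1 <= len(key) <= 63 or key_bytes > 128:
            errors.append(f"annotation key {key!r}: length out of range")
        elif not ANNOTATION_KEY.fullmatch(key):
            errors.append(f"annotation key {key!r}: invalid characters")
    if total >= 16 * 1024:
        errors.append("annotations: keys and values must total under 16KiB")
    aliases = props.get("versionAliases") or {}
    if len(aliases) > 50:
        errors.append("versionAliases: more than 50 aliases")
    for alias in aliases:
        if alias in RESERVED_ALIASES:
            errors.append(f"alias {alias!r}: reserved name")
        elif len(alias) > 63 or not ALIAS.fullmatch(alias):
            errors.append(f"alias {alias!r}: invalid format")
    topics = props.get("topics") or []
    if len(topics) > 10:
        errors.append("topics: more than 10 Pub/Sub topics")
    if props.get("rotation") and not topics:
        errors.append("rotation: topics must be set to configure rotation")
    return errors


# Constructed sample inputs (not taken from any real project).
SAMPLE_OK = {"annotations": {"team.owner": "platform"},
             "versionAliases": {"prod": "3"},
             "topics": [{"name": "projects/example-project/topics/secret-events"}],
             "rotation": {"rotationPeriod": "2592000s"}}
SAMPLE_BAD = {"annotations": {"-lead": "x"},
              "versionAliases": {"latest": "1", "9lives": "2"},
              "rotation": {"rotationPeriod": "2592000s"}}

if __name__ == "__main__":
    for err in validate_secret(SAMPLE_BAD):
        print(err)
```
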
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | projectsId, secretsId | Gets metadata for a given Secret. |
list | SELECT | projectsId | Lists Secrets. |
create | INSERT | projectsId | Creates a new Secret containing no SecretVersions. |
delete | DELETE | projectsId, secretsId | Deletes a Secret. |
patch | UPDATE | projectsId, secretsId | Updates metadata of an existing Secret. |
SELECT examples

Lists Secrets.

```sql
SELECT
  name,
  annotations,
  createTime,
  customerManagedEncryption,
  etag,
  expireTime,
  labels,
  replication,
  rotation,
  topics,
  ttl,
  versionAliases,
  versionDestroyTtl
FROM google.secretmanager.secrets
WHERE projectsId = '{{ projectsId }}';
```
INSERT example

Use the following StackQL query and manifest file to create a new `secrets` resource.

All Properties

```sql
/*+ create */
INSERT INTO google.secretmanager.secrets (
  projectsId,
  replication,
  labels,
  topics,
  expireTime,
  ttl,
  etag,
  rotation,
  versionAliases,
  annotations,
  versionDestroyTtl,
  customerManagedEncryption
)
SELECT
  '{{ projectsId }}',
  '{{ replication }}',
  '{{ labels }}',
  '{{ topics }}',
  '{{ expireTime }}',
  '{{ ttl }}',
  '{{ etag }}',
  '{{ rotation }}',
  '{{ versionAliases }}',
  '{{ annotations }}',
  '{{ versionDestroyTtl }}',
  '{{ customerManagedEncryption }}'
;
```

Manifest

```yaml
- name: your_resource_model_name
  props:
    - name: name
      value: string
    - name: replication
      value:
        - name: automatic
          value:
            - name: customerManagedEncryption
              value:
                - name: kmsKeyName
                  value: string
        - name: userManaged
          value:
            - name: replicas
              value:
                - - name: location
                    value: string
    - name: createTime
      value: string
    - name: labels
      value: object
    - name: topics
      value:
        - - name: name
            value: string
    - name: expireTime
      value: string
    - name: ttl
      value: string
    - name: etag
      value: string
    - name: rotation
      value:
        - name: nextRotationTime
          value: string
        - name: rotationPeriod
          value: string
    - name: versionAliases
      value: object
    - name: annotations
      value: object
    - name: versionDestroyTtl
      value: string
```
UPDATE example

Updates a `secrets` resource.

```sql
/*+ update */
UPDATE google.secretmanager.secrets
SET
  replication = '{{ replication }}',
  labels = '{{ labels }}',
  topics = '{{ topics }}',
  expireTime = '{{ expireTime }}',
  ttl = '{{ ttl }}',
  etag = '{{ etag }}',
  rotation = '{{ rotation }}',
  versionAliases = '{{ versionAliases }}',
  annotations = '{{ annotations }}',
  versionDestroyTtl = '{{ versionDestroyTtl }}',
  customerManagedEncryption = '{{ customerManagedEncryption }}'
WHERE
  projectsId = '{{ projectsId }}'
  AND secretsId = '{{ secretsId }}';
```
DELETE example

Deletes the specified `secrets` resource.

```sql
/*+ delete */
DELETE FROM google.secretmanager.secrets
WHERE projectsId = '{{ projectsId }}'
  AND secretsId = '{{ secretsId }}';
```