Package google.cloud.secretmanager.v1

Index

SecretManagerService (interface)
AccessSecretVersionRequest (message)
AccessSecretVersionResponse (message)
AddSecretVersionRequest (message)
CreateSecretRequest (message)
CustomerManagedEncryption (message)
CustomerManagedEncryptionStatus (message)
DeleteSecretRequest (message)
DestroySecretVersionRequest (message)
DisableSecretVersionRequest (message)
EnableSecretVersionRequest (message)
GetSecretRequest (message)
GetSecretVersionRequest (message)
ListSecretVersionsRequest (message)
ListSecretVersionsResponse (message)
ListSecretsRequest (message)
ListSecretsResponse (message)
Replication (message)
Replication.Automatic (message)
Replication.UserManaged (message)
Replication.UserManaged.Replica (message)
ReplicationStatus (message)
ReplicationStatus.AutomaticStatus (message)
ReplicationStatus.UserManagedStatus (message)
ReplicationStatus.UserManagedStatus.ReplicaStatus (message)
Rotation (message)
Secret (message)
SecretPayload (message)
SecretVersion (message)
SecretVersion.State (enum)
Topic (message)
UpdateSecretRequest (message)

SecretManagerService

Secret Manager Service

Manages secrets and operations using those secrets. Implements a REST model with the following objects:

Secret
SecretVersion

AccessSecretVersion

AccessSecretVersion
`rpc AccessSecretVersion(AccessSecretVersionRequest) returns (AccessSecretVersionResponse)` Accesses a `SecretVersion`. This call returns the secret data. `projects//secrets//versions/latest` is an alias to the most recently created `SecretVersion`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc AccessSecretVersion(AccessSecretVersionRequest) returns (AccessSecretVersionResponse)

Accesses a SecretVersion. This call returns the secret data.

projects/*/secrets/*/versions/latest is an alias to the most recently created SecretVersion.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

AddSecretVersion

AddSecretVersion
`rpc AddSecretVersion(AddSecretVersionRequest) returns (SecretVersion)` Creates a new `SecretVersion` containing secret data and attaches it to an existing `Secret`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc AddSecretVersion(AddSecretVersionRequest) returns (SecretVersion)

Creates a new SecretVersion containing secret data and attaches it to an existing Secret.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateSecret

CreateSecret
`rpc CreateSecret(CreateSecretRequest) returns (Secret)` Creates a new `Secret` containing no `SecretVersions`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc CreateSecret(CreateSecretRequest) returns (Secret)

Creates a new Secret containing no SecretVersions.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteSecret

DeleteSecret
`rpc DeleteSecret(DeleteSecretRequest) returns (Empty)` Deletes a `Secret`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DeleteSecret(DeleteSecretRequest) returns (Empty)

Deletes a Secret.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DestroySecretVersion

DestroySecretVersion
`rpc DestroySecretVersion(DestroySecretVersionRequest) returns (SecretVersion)` Destroys a `SecretVersion`. Sets the `state` of the `SecretVersion` to `DESTROYED` and irrevocably destroys the secret data. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DestroySecretVersion(DestroySecretVersionRequest) returns (SecretVersion)

Destroys a SecretVersion.

Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DisableSecretVersion

DisableSecretVersion
`rpc DisableSecretVersion(DisableSecretVersionRequest) returns (SecretVersion)` Disables a `SecretVersion`. Sets the `state` of the `SecretVersion` to `DISABLED`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc DisableSecretVersion(DisableSecretVersionRequest) returns (SecretVersion)

Disables a SecretVersion.

Sets the state of the SecretVersion to DISABLED.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

EnableSecretVersion

EnableSecretVersion
`rpc EnableSecretVersion(EnableSecretVersionRequest) returns (SecretVersion)` Enables a `SecretVersion`. Sets the `state` of the `SecretVersion` to `ENABLED`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc EnableSecretVersion(EnableSecretVersionRequest) returns (SecretVersion)

Enables a SecretVersion.

Sets the state of the SecretVersion to ENABLED.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetIamPolicy

GetIamPolicy
`rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy)` Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetIamPolicy(GetIamPolicyRequest) returns (Policy)

Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetSecret

GetSecret
`rpc GetSecret(GetSecretRequest) returns (Secret)` Gets metadata for a given `Secret`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetSecret(GetSecretRequest) returns (Secret)

Gets metadata for a given Secret.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetSecretVersion

GetSecretVersion
`rpc GetSecretVersion(GetSecretVersionRequest) returns (SecretVersion)` Gets metadata for a `SecretVersion`. `projects//secrets//versions/latest` is an alias to the most recently created `SecretVersion`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc GetSecretVersion(GetSecretVersionRequest) returns (SecretVersion)

Gets metadata for a SecretVersion.

projects/*/secrets/*/versions/latest is an alias to the most recently created SecretVersion.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListSecretVersions

ListSecretVersions
`rpc ListSecretVersions(ListSecretVersionsRequest) returns (ListSecretVersionsResponse)` Lists `SecretVersions`. This call does not return secret data. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListSecretVersions(ListSecretVersionsRequest) returns (ListSecretVersionsResponse)

Lists SecretVersions. This call does not return secret data.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListSecrets

ListSecrets
`rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse)` Lists `Secrets`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse)

Lists Secrets.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

SetIamPolicy

SetIamPolicy
`rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy)` Sets the access control policy on the specified secret. Replaces any existing policy. Permissions on `SecretVersions` are enforced according to the policy set on the associated `Secret`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc SetIamPolicy(SetIamPolicyRequest) returns (Policy)

Sets the access control policy on the specified secret. Replaces any existing policy.

Permissions on SecretVersions are enforced according to the policy set on the associated Secret.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

TestIamPermissions

TestIamPermissions
`rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse)` Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc TestIamPermissions(TestIamPermissionsRequest) returns (TestIamPermissionsResponse)

Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateSecret

UpdateSecret
`rpc UpdateSecret(UpdateSecretRequest) returns (Secret)` Updates metadata of an existing `Secret`. Authorization scopes Requires the following OAuth scope: `https://www.googleapis.com/auth/cloud-platform` For more information, see the Authentication Overview.

rpc UpdateSecret(UpdateSecretRequest) returns (Secret)

Updates metadata of an existing Secret.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

AccessSecretVersionRequest

Request message for SecretManagerService.AccessSecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` in the format `projects//secrets//versions/` or `projects//locations//secrets//versions/`. `projects//secrets//versions/latest` or `projects//locations//secrets//versions/latest` is an alias to the most recently created `SecretVersion`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.versions.access`

name

string

Required. The resource name of the SecretVersion in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

projects/*/secrets/*/versions/latest or projects/*/locations/*/secrets/*/versions/latest is an alias to the most recently created SecretVersion.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.versions.access

AccessSecretVersionResponse

Response message for SecretManagerService.AccessSecretVersion.

Fields

Fields
`name`	`string` The resource name of the `SecretVersion` in the format `projects//secrets//versions/` or `projects//locations//secrets//versions/*`.
`payload`	`SecretPayload` Secret payload

name

string

The resource name of the SecretVersion in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

payload

SecretPayload

Secret payload

AddSecretVersionRequest

Request message for SecretManagerService.AddSecretVersion.

Fields

Fields
`parent`	`string` Required. The resource name of the `Secret` to associate with the `SecretVersion` in the format `projects//secrets/` or `projects//locations//secrets/*`. Authorization requires the following IAM permission on the specified resource `parent`: `secretmanager.versions.add`
`payload`	`SecretPayload` Required. The secret payload of the `SecretVersion`.

parent

string

Required. The resource name of the Secret to associate with the SecretVersion in the format projects/*/secrets/* or projects/*/locations/*/secrets/*.

Authorization requires the following IAM permission on the specified resource parent:

secretmanager.versions.add

payload

SecretPayload

Required. The secret payload of the SecretVersion.

CreateSecretRequest

Request message for SecretManagerService.CreateSecret.

Fields

Fields
`parent`	`string` Required. The resource name of the project to associate with the `Secret`, in the format `projects/` or `projects//locations/*`. Authorization requires the following IAM permission on the specified resource `parent`: `secretmanager.secrets.create`
`secret_id`	`string` Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
`secret`	`Secret` Required. A `Secret` with initial field values.

parent

string

Required. The resource name of the project to associate with the Secret, in the format projects/* or projects/*/locations/*.

Authorization requires the following IAM permission on the specified resource parent:

secretmanager.secrets.create

secret_id

string

Required. This must be unique within the project.

A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore (_) characters.

secret

Secret

Required. A Secret with initial field values.

CustomerManagedEncryption

Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).

Fields

Fields
`kms_key_name`	`string` Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the `UserManaged` replication policy type, Cloud KMS CryptoKeys must reside in the same location as the [replica location][Secret.UserManaged.Replica.location]. For secrets using the `Automatic` replication policy type, Cloud KMS CryptoKeys must reside in `global`. The expected format is `projects//locations//keyRings//cryptoKeys/`.

kms_key_name

string

Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.

For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the [replica location][Secret.UserManaged.Replica.location].

For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global.

The expected format is projects/*/locations/*/keyRings/*/cryptoKeys/*.

CustomerManagedEncryptionStatus

Describes the status of customer-managed encryption.

Fields

Fields
`kms_key_version_name`	`string` Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects//locations//keyRings//cryptoKeys//versions/*`.

kms_key_version_name

string

Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*.

DeleteSecretRequest

Request message for SecretManagerService.DeleteSecret.

Fields

Fields
`name`	`string` Required. The resource name of the `Secret` to delete in the format `projects//secrets/`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.secrets.delete`
`etag`	`string` Optional. Etag of the `Secret`. The request succeeds if it matches the etag of the currently stored secret object. If the etag is omitted, the request succeeds.

name

string

Required. The resource name of the Secret to delete in the format projects/*/secrets/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.secrets.delete

etag

string

Optional. Etag of the Secret. The request succeeds if it matches the etag of the currently stored secret object. If the etag is omitted, the request succeeds.

DestroySecretVersionRequest

Request message for SecretManagerService.DestroySecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` to destroy in the format `projects//secrets//versions/` or `projects//locations//secrets//versions/*`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.versions.destroy`
`etag`	`string` Optional. Etag of the `SecretVersion`. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

name

string

Required. The resource name of the SecretVersion to destroy in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.versions.destroy

etag

string

Optional. Etag of the SecretVersion. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

DisableSecretVersionRequest

Request message for SecretManagerService.DisableSecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` to disable in the format `projects//secrets//versions/` or `projects//locations//secrets//versions/*`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.secrets.disable`
`etag`	`string` Optional. Etag of the `SecretVersion`. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

name

string

Required. The resource name of the SecretVersion to disable in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.secrets.disable

etag

string

Optional. Etag of the SecretVersion. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

EnableSecretVersionRequest

Request message for SecretManagerService.EnableSecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` to enable in the format `projects//secrets//versions/` or `projects//locations//secrets//versions/*`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.secrets.enable`
`etag`	`string` Optional. Etag of the `SecretVersion`. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

name

string

Required. The resource name of the SecretVersion to enable in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.secrets.enable

etag

string

Optional. Etag of the SecretVersion. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

GetSecretRequest

Request message for SecretManagerService.GetSecret.

Fields

Fields
`name`	`string` Required. The resource name of the `Secret`, in the format `projects//secrets/` or `projects//locations//secrets/*`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.secrets.get`

name

string

Required. The resource name of the Secret, in the format projects/*/secrets/* or projects/*/locations/*/secrets/*.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.secrets.get

GetSecretVersionRequest

Request message for SecretManagerService.GetSecretVersion.

Fields

Fields
`name`	`string` Required. The resource name of the `SecretVersion` in the format `projects//secrets//versions/` or `projects//locations//secrets//versions/`. `projects//secrets//versions/latest` or `projects//locations//secrets//versions/latest` is an alias to the most recently created `SecretVersion`. Authorization requires the following IAM permission on the specified resource `name`: `secretmanager.versions.get`

name

string

Required. The resource name of the SecretVersion in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

projects/*/secrets/*/versions/latest or projects/*/locations/*/secrets/*/versions/latest is an alias to the most recently created SecretVersion.

Authorization requires the following IAM permission on the specified resource name:

secretmanager.versions.get

ListSecretVersionsRequest

Request message for SecretManagerService.ListSecretVersions.

Fields
`parent`	`string` Required. The resource name of the `Secret` associated with the `SecretVersions` to list, in the format `projects//secrets/` or `projects//locations//secrets/*`. Authorization requires the following IAM permission on the specified resource `parent`: `secretmanager.versions.list`
`page_size`	`int32` Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`page_token`	`string` Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].
`filter`	`string` Optional. Filter string, adhering to the rules in List-operation filtering. List only secret versions matching the filter. If filter is empty, all secret versions are listed.

ListSecretVersionsResponse

Response message for SecretManagerService.ListSecretVersions.

Fields

Fields
`versions[]`	`SecretVersion` The list of `SecretVersions` sorted in reverse by create_time (newest first).
`next_page_token`	`string` A token to retrieve the next page of results. Pass this value in `ListSecretVersionsRequest.page_token` to retrieve the next page.
`total_size`	`int32` The total number of `SecretVersions` but 0 when the `ListSecretsRequest.filter` field is set.

versions[]

SecretVersion

The list of SecretVersions sorted in reverse by create_time (newest first).

next_page_token

string

A token to retrieve the next page of results. Pass this value in ListSecretVersionsRequest.page_token to retrieve the next page.

total_size

int32

The total number of SecretVersions but 0 when the ListSecretsRequest.filter field is set.

ListSecretsRequest

Request message for SecretManagerService.ListSecrets.

Fields
`parent`	`string` Required. The resource name of the project associated with the `Secrets`, in the format `projects/` or `projects//locations/*` Authorization requires the following IAM permission on the specified resource `parent`: `secretmanager.secrets.list`
`page_size`	`int32` Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`page_token`	`string` Optional. Pagination token, returned earlier via `ListSecretsResponse.next_page_token`.
`filter`	`string` Optional. Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.

ListSecretsResponse

Response message for SecretManagerService.ListSecrets.

Fields

Fields
`secrets[]`	`Secret` The list of `Secrets` sorted in reverse by create_time (newest first).
`next_page_token`	`string` A token to retrieve the next page of results. Pass this value in `ListSecretsRequest.page_token` to retrieve the next page.
`total_size`	`int32` The total number of `Secrets` but 0 when the `ListSecretsRequest.filter` field is set.

secrets[]

Secret

The list of Secrets sorted in reverse by create_time (newest first).

next_page_token

string

A token to retrieve the next page of results. Pass this value in ListSecretsRequest.page_token to retrieve the next page.

total_size

int32

The total number of Secrets but 0 when the ListSecretsRequest.filter field is set.

Replication

A policy that defines the replication and encryption configuration of data.

Fields

Fields
Union field `replication`. The replication policy for this secret. `replication` can be only one of the following:
`automatic`	`Automatic` The `Secret` will automatically be replicated without any restrictions.
`user_managed`	`UserManaged` The `Secret` will only be replicated into the locations specified.

Union field replication. The replication policy for this secret. replication can be only one of the following:

automatic

Automatic

The Secret will automatically be replicated without any restrictions.

user_managed

UserManaged

The Secret will only be replicated into the locations specified.

Automatic

A replication policy that replicates the Secret payload without any restrictions.

Fields

Fields
`customer_managed_encryption`	`CustomerManagedEncryption` Optional. The customer-managed encryption configuration of the `Secret`. If no configuration is provided, Google-managed default encryption is used. Updates to the `Secret` encryption configuration only apply to `SecretVersions` added afterwards. They do not apply retroactively to existing `SecretVersions`.

customer_managed_encryption

CustomerManagedEncryption

Optional. The customer-managed encryption configuration of the Secret. If no configuration is provided, Google-managed default encryption is used.

Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

UserManaged

A replication policy that replicates the Secret payload into the locations specified in [Secret.replication.user_managed.replicas][]

Fields

Fields
`replicas[]`	`Replica` Required. The list of Replicas for this `Secret`. Cannot be empty.

replicas[]

Replica

Required. The list of Replicas for this Secret.

Cannot be empty.

Replica

Represents a Replica for this Secret.

Fields

Fields
`location`	`string` The canonical IDs of the location to replicate data. For example: `"us-east1"`.
`customer_managed_encryption`	`CustomerManagedEncryption` Optional. The customer-managed encryption configuration of the [User-Managed Replica][Replication.UserManaged.Replica]. If no configuration is provided, Google-managed default encryption is used. Updates to the `Secret` encryption configuration only apply to `SecretVersions` added afterwards. They do not apply retroactively to existing `SecretVersions`.

location

string

The canonical IDs of the location to replicate data. For example: "us-east1".

customer_managed_encryption

CustomerManagedEncryption

Optional. The customer-managed encryption configuration of the [User-Managed Replica][Replication.UserManaged.Replica]. If no configuration is provided, Google-managed default encryption is used.

Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions.

ReplicationStatus

The replication status of a SecretVersion.

Fields

Fields
Union field `replication_status`. The replication status of the `SecretVersion`. `replication_status` can be only one of the following:
`automatic`	`AutomaticStatus` Describes the replication status of a `SecretVersion` with automatic replication. Only populated if the parent `Secret` has an automatic replication policy.
`user_managed`	`UserManagedStatus` Describes the replication status of a `SecretVersion` with user-managed replication. Only populated if the parent `Secret` has a user-managed replication policy.

Union field replication_status. The replication status of the SecretVersion. replication_status can be only one of the following:

automatic

AutomaticStatus

Describes the replication status of a SecretVersion with automatic replication.

Only populated if the parent Secret has an automatic replication policy.

user_managed

UserManagedStatus

Describes the replication status of a SecretVersion with user-managed replication.

Only populated if the parent Secret has a user-managed replication policy.

AutomaticStatus

The replication status of a SecretVersion using automatic replication.

Only populated if the parent Secret has an automatic replication policy.

Fields

Fields
`customer_managed_encryption`	`CustomerManagedEncryptionStatus` Output only. The customer-managed encryption status of the `SecretVersion`. Only populated if customer-managed encryption is used.

customer_managed_encryption

CustomerManagedEncryptionStatus

Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.

UserManagedStatus

The replication status of a SecretVersion using user-managed replication.

Only populated if the parent Secret has a user-managed replication policy.

Fields

Fields
`replicas[]`	`ReplicaStatus` Output only. The list of replica statuses for the `SecretVersion`.

replicas[]

ReplicaStatus

Output only. The list of replica statuses for the SecretVersion.

ReplicaStatus

Describes the status of a user-managed replica for the SecretVersion.

Fields

Fields
`location`	`string` Output only. The canonical ID of the replica location. For example: `"us-east1"`.
`customer_managed_encryption`	`CustomerManagedEncryptionStatus` Output only. The customer-managed encryption status of the

location

string

Output only. The canonical ID of the replica location. For example: "us-east1".

customer_managed_encryption

CustomerManagedEncryptionStatus

Output only. The customer-managed encryption status of the

Package google.cloud.secretmanager.v1 Stay organized with collections Save and categorize content based on your preferences.

Index

SecretManagerService

AccessSecretVersionRequest

AccessSecretVersionResponse

AddSecretVersionRequest

CreateSecretRequest

CustomerManagedEncryption

CustomerManagedEncryptionStatus

DeleteSecretRequest

DestroySecretVersionRequest

DisableSecretVersionRequest

EnableSecretVersionRequest

GetSecretRequest

GetSecretVersionRequest

ListSecretVersionsRequest

ListSecretVersionsResponse

ListSecretsRequest

ListSecretsResponse

Replication

Automatic

UserManaged

Replica

ReplicationStatus

AutomaticStatus

UserManagedStatus

ReplicaStatus

Package google.cloud.secretmanager.v1