Accesses a SecretVersion. This call returns the secret data. `projects/*/secrets/*/versions/latest` is an alias to the most recently created SecretVersion.
Close httplib2 connections.
destroy(name, body=None, x__xgafv=None)
Destroys a SecretVersion. Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data.
disable(name, body=None, x__xgafv=None)
Disables a SecretVersion. Sets the state of the SecretVersion to DISABLED.
enable(name, body=None, x__xgafv=None)
Enables a SecretVersion. Sets the state of the SecretVersion to ENABLED.
Gets metadata for a SecretVersion. `projects/*/secrets/*/versions/latest` is an alias to the most recently created SecretVersion.
list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)
Lists SecretVersions. This call does not return secret data.
Retrieves the next page of results.
access(name, x__xgafv=None)
Accesses a SecretVersion. This call returns the secret data. `projects/*/secrets/*/versions/latest` is an alias to the most recently created SecretVersion.
Args:
name: string, Required. The resource name of the SecretVersion in the format `projects/*/secrets/*/versions/*` or `projects/*/locations/*/secrets/*/versions/*`. `projects/*/secrets/*/versions/latest` or `projects/*/locations/*/secrets/*/versions/latest` is an alias to the most recently created SecretVersion. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for SecretManagerService.AccessSecretVersion.
"name": "A String", # The resource name of the SecretVersion in the format `projects/*/secrets/*/versions/*` or `projects/*/locations/*/secrets/*/versions/*`.
"payload": { # A secret payload resource in the Secret Manager API. This contains the sensitive secret payload that is associated with a SecretVersion. # Secret payload
"data": "A String", # The secret data. Must be no larger than 64KiB.
"dataCrc32c": "A String", # Optional. If specified, SecretManagerService will verify the integrity of the received data on SecretManagerService.AddSecretVersion calls using the crc32c checksum and store it to include in future SecretManagerService.AccessSecretVersion responses. If a checksum is not provided in the SecretManagerService.AddSecretVersion request, the SecretManagerService will generate and store one for you. The CRC32C value is encoded as a Int64 for compatibility, and can be safely downconverted to uint32 in languages that support this type. https://cloud.google.com/apis/design/design_patterns#integer_types
},
}
close()
Close httplib2 connections.
destroy(name, body=None, x__xgafv=None)
Destroys a SecretVersion. Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data.
Args:
name: string, Required. The resource name of the SecretVersion to destroy in the format `projects/*/secrets/*/versions/*` or `projects/*/locations/*/secrets/*/versions/*`. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for SecretManagerService.DestroySecretVersion.
"etag": "A String", # Optional. Etag of the SecretVersion. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A secret version resource in the Secret Manager API.
"clientSpecifiedPayloadChecksum": True or False, # Output only. True if payload checksum specified in SecretPayload object has been received by SecretManagerService on SecretManagerService.AddSecretVersion.
"createTime": "A String", # Output only. The time at which the SecretVersion was created.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used and Secret is a regionalized secret.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"destroyTime": "A String", # Output only. The time this SecretVersion was destroyed. Only present if state is DESTROYED.
"etag": "A String", # Output only. Etag of the currently stored SecretVersion.
"name": "A String", # Output only. The resource name of the SecretVersion in the format `projects/*/secrets/*/versions/*`. SecretVersion IDs in a Secret start at 1 and are incremented for each subsequent version of the secret.
"replicationStatus": { # The replication status of a SecretVersion. # The replication status of the SecretVersion.
"automatic": { # The replication status of a SecretVersion using automatic replication. Only populated if the parent Secret has an automatic replication policy. # Describes the replication status of a SecretVersion with automatic replication. Only populated if the parent Secret has an automatic replication policy.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
},
"userManaged": { # The replication status of a SecretVersion using user-managed replication. Only populated if the parent Secret has a user-managed replication policy. # Describes the replication status of a SecretVersion with user-managed replication. Only populated if the parent Secret has a user-managed replication policy.
"replicas": [ # Output only. The list of replica statuses for the SecretVersion.
{ # Describes the status of a user-managed replica for the SecretVersion.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"location": "A String", # Output only. The canonical ID of the replica location. For example: `"us-east1"`.
},
],
},
},
"scheduledDestroyTime": "A String", # Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, version is moved to disabled state and it is scheduled for destruction Version is destroyed only after the scheduled_destroy_time.
"state": "A String", # Output only. The current state of the SecretVersion.
}
disable(name, body=None, x__xgafv=None)
Disables a SecretVersion. Sets the state of the SecretVersion to DISABLED.
Args:
name: string, Required. The resource name of the SecretVersion to disable in the format `projects/*/secrets/*/versions/*` or `projects/*/locations/*/secrets/*/versions/*`. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for SecretManagerService.DisableSecretVersion.
"etag": "A String", # Optional. Etag of the SecretVersion. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A secret version resource in the Secret Manager API.
"clientSpecifiedPayloadChecksum": True or False, # Output only. True if payload checksum specified in SecretPayload object has been received by SecretManagerService on SecretManagerService.AddSecretVersion.
"createTime": "A String", # Output only. The time at which the SecretVersion was created.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used and Secret is a regionalized secret.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"destroyTime": "A String", # Output only. The time this SecretVersion was destroyed. Only present if state is DESTROYED.
"etag": "A String", # Output only. Etag of the currently stored SecretVersion.
"name": "A String", # Output only. The resource name of the SecretVersion in the format `projects/*/secrets/*/versions/*`. SecretVersion IDs in a Secret start at 1 and are incremented for each subsequent version of the secret.
"replicationStatus": { # The replication status of a SecretVersion. # The replication status of the SecretVersion.
"automatic": { # The replication status of a SecretVersion using automatic replication. Only populated if the parent Secret has an automatic replication policy. # Describes the replication status of a SecretVersion with automatic replication. Only populated if the parent Secret has an automatic replication policy.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
},
"userManaged": { # The replication status of a SecretVersion using user-managed replication. Only populated if the parent Secret has a user-managed replication policy. # Describes the replication status of a SecretVersion with user-managed replication. Only populated if the parent Secret has a user-managed replication policy.
"replicas": [ # Output only. The list of replica statuses for the SecretVersion.
{ # Describes the status of a user-managed replica for the SecretVersion.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"location": "A String", # Output only. The canonical ID of the replica location. For example: `"us-east1"`.
},
],
},
},
"scheduledDestroyTime": "A String", # Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, version is moved to disabled state and it is scheduled for destruction Version is destroyed only after the scheduled_destroy_time.
"state": "A String", # Output only. The current state of the SecretVersion.
}
enable(name, body=None, x__xgafv=None)
Enables a SecretVersion. Sets the state of the SecretVersion to ENABLED.
Args:
name: string, Required. The resource name of the SecretVersion to enable in the format `projects/*/secrets/*/versions/*` or `projects/*/locations/*/secrets/*/versions/*`. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for SecretManagerService.EnableSecretVersion.
"etag": "A String", # Optional. Etag of the SecretVersion. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A secret version resource in the Secret Manager API.
"clientSpecifiedPayloadChecksum": True or False, # Output only. True if payload checksum specified in SecretPayload object has been received by SecretManagerService on SecretManagerService.AddSecretVersion.
"createTime": "A String", # Output only. The time at which the SecretVersion was created.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used and Secret is a regionalized secret.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"destroyTime": "A String", # Output only. The time this SecretVersion was destroyed. Only present if state is DESTROYED.
"etag": "A String", # Output only. Etag of the currently stored SecretVersion.
"name": "A String", # Output only. The resource name of the SecretVersion in the format `projects/*/secrets/*/versions/*`. SecretVersion IDs in a Secret start at 1 and are incremented for each subsequent version of the secret.
"replicationStatus": { # The replication status of a SecretVersion. # The replication status of the SecretVersion.
"automatic": { # The replication status of a SecretVersion using automatic replication. Only populated if the parent Secret has an automatic replication policy. # Describes the replication status of a SecretVersion with automatic replication. Only populated if the parent Secret has an automatic replication policy.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
},
"userManaged": { # The replication status of a SecretVersion using user-managed replication. Only populated if the parent Secret has a user-managed replication policy. # Describes the replication status of a SecretVersion with user-managed replication. Only populated if the parent Secret has a user-managed replication policy.
"replicas": [ # Output only. The list of replica statuses for the SecretVersion.
{ # Describes the status of a user-managed replica for the SecretVersion.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"location": "A String", # Output only. The canonical ID of the replica location. For example: `"us-east1"`.
},
],
},
},
"scheduledDestroyTime": "A String", # Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, version is moved to disabled state and it is scheduled for destruction Version is destroyed only after the scheduled_destroy_time.
"state": "A String", # Output only. The current state of the SecretVersion.
}
get(name, x__xgafv=None)
Gets metadata for a SecretVersion. `projects/*/secrets/*/versions/latest` is an alias to the most recently created SecretVersion.
Args:
name: string, Required. The resource name of the SecretVersion in the format `projects/*/secrets/*/versions/*` or `projects/*/locations/*/secrets/*/versions/*`. `projects/*/secrets/*/versions/latest` or `projects/*/locations/*/secrets/*/versions/latest` is an alias to the most recently created SecretVersion. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A secret version resource in the Secret Manager API.
"clientSpecifiedPayloadChecksum": True or False, # Output only. True if payload checksum specified in SecretPayload object has been received by SecretManagerService on SecretManagerService.AddSecretVersion.
"createTime": "A String", # Output only. The time at which the SecretVersion was created.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used and Secret is a regionalized secret.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"destroyTime": "A String", # Output only. The time this SecretVersion was destroyed. Only present if state is DESTROYED.
"etag": "A String", # Output only. Etag of the currently stored SecretVersion.
"name": "A String", # Output only. The resource name of the SecretVersion in the format `projects/*/secrets/*/versions/*`. SecretVersion IDs in a Secret start at 1 and are incremented for each subsequent version of the secret.
"replicationStatus": { # The replication status of a SecretVersion. # The replication status of the SecretVersion.
"automatic": { # The replication status of a SecretVersion using automatic replication. Only populated if the parent Secret has an automatic replication policy. # Describes the replication status of a SecretVersion with automatic replication. Only populated if the parent Secret has an automatic replication policy.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
},
"userManaged": { # The replication status of a SecretVersion using user-managed replication. Only populated if the parent Secret has a user-managed replication policy. # Describes the replication status of a SecretVersion with user-managed replication. Only populated if the parent Secret has a user-managed replication policy.
"replicas": [ # Output only. The list of replica statuses for the SecretVersion.
{ # Describes the status of a user-managed replica for the SecretVersion.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"location": "A String", # Output only. The canonical ID of the replica location. For example: `"us-east1"`.
},
],
},
},
"scheduledDestroyTime": "A String", # Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, version is moved to disabled state and it is scheduled for destruction Version is destroyed only after the scheduled_destroy_time.
"state": "A String", # Output only. The current state of the SecretVersion.
}
list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)
Lists SecretVersions. This call does not return secret data.
Args:
parent: string, Required. The resource name of the Secret associated with the SecretVersions to list, in the format `projects/*/secrets/*` or `projects/*/locations/*/secrets/*`. (required)
filter: string, Optional. Filter string, adhering to the rules in [List-operation filtering](https://cloud.google.com/secret-manager/docs/filtering). List only secret versions matching the filter. If filter is empty, all secret versions are listed.
pageSize: integer, Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
pageToken: string, Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for SecretManagerService.ListSecretVersions.
"nextPageToken": "A String", # A token to retrieve the next page of results. Pass this value in ListSecretVersionsRequest.page_token to retrieve the next page.
"totalSize": 42, # The total number of SecretVersions but 0 when the ListSecretsRequest.filter field is set.
"versions": [ # The list of SecretVersions sorted in reverse by create_time (newest first).
{ # A secret version resource in the Secret Manager API.
"clientSpecifiedPayloadChecksum": True or False, # Output only. True if payload checksum specified in SecretPayload object has been received by SecretManagerService on SecretManagerService.AddSecretVersion.
"createTime": "A String", # Output only. The time at which the SecretVersion was created.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used and Secret is a regionalized secret.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"destroyTime": "A String", # Output only. The time this SecretVersion was destroyed. Only present if state is DESTROYED.
"etag": "A String", # Output only. Etag of the currently stored SecretVersion.
"name": "A String", # Output only. The resource name of the SecretVersion in the format `projects/*/secrets/*/versions/*`. SecretVersion IDs in a Secret start at 1 and are incremented for each subsequent version of the secret.
"replicationStatus": { # The replication status of a SecretVersion. # The replication status of the SecretVersion.
"automatic": { # The replication status of a SecretVersion using automatic replication. Only populated if the parent Secret has an automatic replication policy. # Describes the replication status of a SecretVersion with automatic replication. Only populated if the parent Secret has an automatic replication policy.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
},
"userManaged": { # The replication status of a SecretVersion using user-managed replication. Only populated if the parent Secret has a user-managed replication policy. # Describes the replication status of a SecretVersion with user-managed replication. Only populated if the parent Secret has a user-managed replication policy.
"replicas": [ # Output only. The list of replica statuses for the SecretVersion.
{ # Describes the status of a user-managed replica for the SecretVersion.
"customerManagedEncryption": { # Describes the status of customer-managed encryption. # Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used.
"kmsKeyVersionName": "A String", # Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
},
"location": "A String", # Output only. The canonical ID of the replica location. For example: `"us-east1"`.
},
],
},
},
"scheduledDestroyTime": "A String", # Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, version is moved to disabled state and it is scheduled for destruction Version is destroyed only after the scheduled_destroy_time.
"state": "A String", # Output only. The current state of the SecretVersion.
},
],
}
list_next()
Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.