Secret Manager v1 API - Class Secret (2.5.0)

Reference documentation and code samples for the Secret Manager v1 API class Secret.

A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can be accessed.

A [Secret][google.cloud.secretmanager.v1.Secret] is made up of zero or more [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] that represent the secret data.

Optional. Custom metadata about the secret.

Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database.

Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols.

The total size of annotation keys and values must be less than 16KiB.

Output only. The time at which the [Secret][google.cloud.secretmanager.v1.Secret] was created.

Optional. The customer-managed encryption configuration of the Regionalised Secrets. If no configuration is provided, Google-managed default encryption is used.

Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption configuration only apply to [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added afterwards. They do not apply retroactively to existing [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].

Optional. Etag of the currently stored [Secret][google.cloud.secretmanager.v1.Secret].

Optional. Timestamp in UTC when the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to expire. This is always provided on output, regardless of what was sent on input.

The labels assigned to this Secret.

Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}

Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}

No more than 64 labels can be assigned to a given resource.

Output only. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] in the format projects/*/secrets/*.

Optional. Immutable. The replication policy of the secret data attached to the [Secret][google.cloud.secretmanager.v1.Secret].

The replication policy cannot be changed after the Secret has been created.

Optional. Rotation policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. May be excluded if there is no rotation policy.

SecretName-typed view over the Name resource name property.

Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.

Input only. The TTL for the [Secret][google.cloud.secretmanager.v1.Secret].

Optional. Mapping from version alias to version name.

A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.

Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. Access by alias is only be supported on GetSecretVersion and AccessSecretVersion.

Optional. Secret Version TTL after destruction request

This is a part of the Delayed secret version destroy feature. For secret with TTL>0, version destruction doesn't happen immediately on calling destroy instead the version goes to a disabled state and destruction happens after the TTL expires.