SecretManagerServiceClient

SecretManagerServiceClient

Secret Manager Service

Manages secrets and operations using those secrets. Implements a REST model with the following objects:

  • [Secret][google.cloud.secrets.v1beta1.Secret]
  • [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]

Constructor

new SecretManagerServiceClient(optionsopt)

Construct an instance of SecretManagerServiceClient.

Parameters:
Name Type Attributes Description
options object <optional>

The configuration object. See the subsequent parameters for more details.

Properties
Name Type Attributes Description
credentials object <optional>

Credentials object.

Properties
Name Type Attributes Description
client_email string <optional>
private_key string <optional>
email string <optional>

Account email address. Required when using a .pem or .p12 keyFilename.
keyFilename string <optional>

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.
port number <optional>

The port on which to connect to the remote host.
projectId string <optional>

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.
promise function <optional>

Custom promise module to use instead of native Promises.
apiEndpoint string <optional>

The domain name of the API remote host.
Source:

Members

(static) apiEndpoint

The DNS address for this API service - same as servicePath(), exists for compatibility reasons.

Source:

(static) port

The port for this API service.

Source:

(static) scopes

The scopes needed to make gRPC calls for every method defined in this service.

Source:

(static) servicePath

The DNS address for this API service.

Source:

Methods

accessSecretVersion(request, optionsopt) → {Promise}

Accesses a [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion]. This call returns the secret data.

projects/* /secrets/* /versions/latest is an alias to the latest [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format projects/* /secrets/* /versions/*.
options object <optional>

Call options. See CallOptions for more details.
Source:

addSecretVersion(request, optionsopt) → {Promise}

Creates a new [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] containing secret data and attaches it to an existing [Secret][google.cloud.secrets.v1beta1.Secret].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] to associate with the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format projects/* /secrets/*.
payload google.cloud.secrets.v1beta1.SecretPayload

Required. The secret payload of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
options object <optional>

Call options. See CallOptions for more details.
Source:

close()

Terminate the GRPC channel and close the client.

The client will no longer be usable and all future behavior is undefined.

Source:

createSecret(request, optionsopt) → {Promise}

Creates a new [Secret][google.cloud.secrets.v1beta1.Secret] containing no [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The resource name of the project to associate with the [Secret][google.cloud.secrets.v1beta1.Secret], in the format projects/*.
secretId string

Required. This must be unique within the project.
secret google.cloud.secrets.v1beta1.Secret

A [Secret][google.cloud.secrets.v1beta1.Secret] with initial field values.
options object <optional>

Call options. See CallOptions for more details.
Source:

deleteSecret(request, optionsopt) → {Promise}

Deletes a [Secret][google.cloud.secrets.v1beta1.Secret].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] to delete in the format projects/* /secrets/*.
options object <optional>

Call options. See CallOptions for more details.
Source:

destroySecretVersion(request, optionsopt) → {Promise}

Destroys a [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].

Sets the [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to [DESTROYED][google.cloud.secrets.v1beta1.SecretVersion.State.DESTROYED] and irrevocably destroys the secret data.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to destroy in the format projects/* /secrets/* /versions/*.
options object <optional>

Call options. See CallOptions for more details.
Source:

disableSecretVersion(request, optionsopt) → {Promise}

Disables a [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].

Sets the [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to [DISABLED][google.cloud.secrets.v1beta1.SecretVersion.State.DISABLED].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to disable in the format projects/* /secrets/* /versions/*.
options object <optional>

Call options. See CallOptions for more details.
Source:

enableSecretVersion(request, optionsopt) → {Promise}

Enables a [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].

Sets the [state][google.cloud.secrets.v1beta1.SecretVersion.state] of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to [ENABLED][google.cloud.secrets.v1beta1.SecretVersion.State.ENABLED].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] to enable in the format projects/* /secrets/* /versions/*.
options object <optional>

Call options. See CallOptions for more details.
Source:

getIamPolicy(request, optionsopt) → {Promise}

Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.
options object <optional>

Call options. See CallOptions for more details.
Source:

getProjectId(callback)

Return the project ID used by this class.

Parameters:
Name Type Description
callback function

the callback to be called with the current project Id.
Source:

getSecret(request, optionsopt) → {Promise}

Gets metadata for a given [Secret][google.cloud.secrets.v1beta1.Secret].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret], in the format projects/* /secrets/*.
options object <optional>

Call options. See CallOptions for more details.
Source:

getSecretVersion(request, optionsopt) → {Promise}

Gets metadata for a [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].

projects/* /secrets/* /versions/latest is an alias to the latest [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion] in the format projects/* /secrets/* /versions/*. projects/* /secrets/* /versions/latest is an alias to the latest [SecretVersion][google.cloud.secrets.v1beta1.SecretVersion].
options object <optional>

Call options. See CallOptions for more details.
Source:

listSecrets(request, optionsopt) → {Promise}

Lists [Secrets][google.cloud.secrets.v1beta1.Secret].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the project associated with the [Secrets][google.cloud.secrets.v1beta1.Secret], in the format projects/*.
pageSize number <optional>

Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
pageToken string <optional>

Optional. Pagination token, returned earlier via [ListSecretsResponse.next_page_token][google.cloud.secrets.v1beta1.ListSecretsResponse.next_page_token].
options object <optional>

Call options. See CallOptions for more details.
Source:

listSecretsStream(request, optionsopt) → {Stream}

Equivalent to listSecrets, but returns a NodeJS Stream object.

This fetches the paged responses for listSecrets continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the project associated with the [Secrets][google.cloud.secrets.v1beta1.Secret], in the format projects/*.
pageSize number <optional>

Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
pageToken string <optional>

Optional. Pagination token, returned earlier via [ListSecretsResponse.next_page_token][google.cloud.secrets.v1beta1.ListSecretsResponse.next_page_token].
options object <optional>

Call options. See CallOptions for more details.
Source:
See:

listSecretVersions(request, optionsopt) → {Promise}

Lists [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion]. This call does not return secret data.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] associated with the [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] to list, in the format projects/* /secrets/*.
pageSize number <optional>

Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
pageToken string <optional>

Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].
options object <optional>

Call options. See CallOptions for more details.
Source:

listSecretVersionsStream(request, optionsopt) → {Stream}

Equivalent to listSecretVersions, but returns a NodeJS Stream object.

This fetches the paged responses for listSecretVersions continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the [Secret][google.cloud.secrets.v1beta1.Secret] associated with the [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] to list, in the format projects/* /secrets/*.
pageSize number <optional>

Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
pageToken string <optional>

Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].
options object <optional>

Call options. See CallOptions for more details.
Source:
See:

matchProjectFromSecretName(secretName) → {string}

Parse the project from Secret resource.

Parameters:
Name Type Description
secretName string

A fully-qualified path representing Secret resource.
Source:

matchProjectFromSecretVersionName(secretVersionName) → {string}

Parse the project from SecretVersion resource.

Parameters:
Name Type Description
secretVersionName string

A fully-qualified path representing SecretVersion resource.
Source:

matchSecretFromSecretName(secretName) → {string}

Parse the secret from Secret resource.

Parameters:
Name Type Description
secretName string

A fully-qualified path representing Secret resource.
Source:

matchSecretFromSecretVersionName(secretVersionName) → {string}

Parse the secret from SecretVersion resource.

Parameters:
Name Type Description
secretVersionName string

A fully-qualified path representing SecretVersion resource.
Source:

matchSecretVersionFromSecretVersionName(secretVersionName) → {string}

Parse the secret_version from SecretVersion resource.

Parameters:
Name Type Description
secretVersionName string

A fully-qualified path representing SecretVersion resource.
Source:

secretPath(project, secret) → {string}

Return a fully-qualified secret resource name string.

Parameters:
Name Type Description
project string
secret string
Source:

secretVersionPath(project, secret, secret_version) → {string}

Return a fully-qualified secretVersion resource name string.

Parameters:
Name Type Description
project string
secret string
secret_version string
Source:

setIamPolicy(request, optionsopt) → {Promise}

Sets the access control policy on the specified secret. Replaces any existing policy.

Permissions on [SecretVersions][google.cloud.secrets.v1beta1.SecretVersion] are enforced according to the policy set on the associated [Secret][google.cloud.secrets.v1beta1.Secret].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.
options object <optional>

Call options. See CallOptions for more details.
Source:

testIamPermissions(request, optionsopt) → {Promise}

Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.
options object <optional>

Call options. See CallOptions for more details.
Source:

updateSecret(request, optionsopt) → {Promise}

Updates metadata of an existing [Secret][google.cloud.secrets.v1beta1.Secret].

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
secret google.cloud.secrets.v1beta1.Secret

Required. [Secret][google.cloud.secrets.v1beta1.Secret] with updated field values.
updateMask google.protobuf.FieldMask

Required. Specifies the fields to be updated.
options object <optional>

Call options. See CallOptions for more details.
Source: