SecretManagerServiceClient

Constructor

new SecretManagerServiceClient(optionsopt)

Construct an instance of SecretManagerServiceClient.

Parameters:

Name Type Attributes Description

options

object

The configuration object. The options accepted by the constructor are described in detail in this document. The common options are:

Properties

Name Type Attributes Description

credentials

object

Credentials object.

Properties

Name	Type	Attributes	Description
`client_email`	string	<optional>
`private_key`	string	<optional>

email

string

Account email address. Required when using a .pem or .p12 keyFilename.

keyFilename

string

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.

port

number

The port on which to connect to the remote host.

projectId

string

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.

apiEndpoint

string

The domain name of the API remote host.

clientConfig

gax.ClientConfig

Client configuration override. Follows the structure of gapicConfig.

fallback

boolean

Use HTTP fallback mode. In fallback mode, a special browser-compatible transport implementation is used instead of gRPC transport. In browser context (if the window object is defined) the fallback mode is enabled automatically; set options.fallback to false if you need to override this behavior.

Members

apiEndpoint

The DNS address for this API service - same as servicePath(), exists for compatibility reasons.

port

The port for this API service.

scopes

The scopes needed to make gRPC calls for every method defined in this service.

servicePath

The DNS address for this API service.

Methods

accessSecretVersion(request, optionsopt) → {Promise}

Accesses a SecretVersion. This call returns the secret data.

projects/* /secrets/* /versions/latest is an alias to the latest SecretVersion.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the SecretVersion in the format `projects/* /secrets/* /versions/*`.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing AccessSecretVersionResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.accessSecretVersion(request);

addSecretVersion(request, optionsopt) → {Promise}

Creates a new SecretVersion containing secret data and attaches it to an existing Secret.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`parent`	string	Required. The resource name of the Secret to associate with the SecretVersion in the format `projects/* /secrets/*`.
`payload`	google.cloud.secrets.v1beta1.SecretPayload	Required. The secret payload of the SecretVersion.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing SecretVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.addSecretVersion(request);

close() → {Promise}

Terminate the gRPC channel and close the client.

The client will no longer be usable and all future behavior is undefined.

Returns:

Type	Description
Promise	A promise that resolves when the client is closed.

createSecret(request, optionsopt) → {Promise}

Creates a new Secret containing no SecretVersions.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name Type Description

parent

string

Required. The resource name of the project to associate with the Secret, in the format projects/*.

secretId

string

Required. This must be unique within the project.

A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore (_) characters.

secret

google.cloud.secrets.v1beta1.Secret

Required. A Secret with initial field values.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing Secret. Please see the documentation for more details and examples.

Example

const [response] = await client.createSecret(request);

deleteSecret(request, optionsopt) → {Promise}

Deletes a Secret.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the Secret to delete in the format `projects/* /secrets/*`.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing Empty. Please see the documentation for more details and examples.

Example

const [response] = await client.deleteSecret(request);

destroySecretVersion(request, optionsopt) → {Promise}

Destroys a SecretVersion.

Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the SecretVersion to destroy in the format `projects/* /secrets/* /versions/*`.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing SecretVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.destroySecretVersion(request);

disableSecretVersion(request, optionsopt) → {Promise}

Disables a SecretVersion.

Sets the state of the SecretVersion to DISABLED.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the SecretVersion to disable in the format `projects/* /secrets/* /versions/*`.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing SecretVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.disableSecretVersion(request);

enableSecretVersion(request, optionsopt) → {Promise}

Enables a SecretVersion.

Sets the state of the SecretVersion to ENABLED.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the SecretVersion to enable in the format `projects/* /secrets/* /versions/*`.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing SecretVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.enableSecretVersion(request);

getIamPolicy(request, optionsopt) → {Promise}

Gets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`resource`	string	REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
`options`	google.iam.v1.GetPolicyOptions	OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`. This field is only used by Cloud IAM.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing Policy. Please see the documentation for more details and examples.

Example

const [response] = await client.getIamPolicy(request);

getProjectId() → {Promise}

Return the project ID used by this class.

Returns:

Type	Description
Promise	A promise that resolves to string containing the project ID.

getSecret(request, optionsopt) → {Promise}

Gets metadata for a given Secret.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the Secret, in the format `projects/* /secrets/*`.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing Secret. Please see the documentation for more details and examples.

Example

const [response] = await client.getSecret(request);

getSecretVersion(request, optionsopt) → {Promise}

Gets metadata for a SecretVersion.

projects/* /secrets/* /versions/latest is an alias to the latest SecretVersion.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the SecretVersion in the format `projects/* /secrets/* /versions/`. `projects/ /secrets/* /versions/latest` is an alias to the `latest` SecretVersion.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing SecretVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.getSecretVersion(request);

initialize() → {Promise}

Initialize the client. Performs asynchronous operations (such as authentication) and prepares the client. This function will be called automatically when any class method is called for the first time, but if you need to initialize it before calling an actual method, feel free to call initialize() directly.

You can await on this method if you want to make sure the client is initialized.

Returns:

Type	Description
Promise	A promise that resolves to an authenticated service stub.

listSecretVersions(request, optionsopt) → {Promise}

Lists SecretVersions. This call does not return secret data.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the Secret associated with the SecretVersions to list, in the format `projects/* /secrets/*`.
`pageSize`	number	<optional>	Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`pageToken`	string	<optional>	Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].

options

object

Call options. See CallOptions for more details.

Returns:

Type Description

Type	Description
Promise	The promise which resolves to an array. The first element of the array is Array of SecretVersion. The client library will perform auto-pagination by default: it will call the API as many times as needed and will merge results from all the pages into this array. Note that it can affect your quota. We recommend using `listSecretVersionsAsync()` method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

Promise

The promise which resolves to an array. The first element of the array is Array of SecretVersion. The client library will perform auto-pagination by default: it will call the API as many times as needed and will merge results from all the pages into this array. Note that it can affect your quota. We recommend using listSecretVersionsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listSecretVersionsAsync(request, optionsopt) → {Object}

Equivalent to listSecretVersions, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the Secret associated with the SecretVersions to list, in the format `projects/* /secrets/*`.
`pageSize`	number	<optional>	Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`pageToken`	string	<optional>	Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Object	An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing SecretVersion. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.

Example

const iterable = client.listSecretVersionsAsync(request);
for await (const response of iterable) {
  // process response
}

listSecretVersionsStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the Secret associated with the SecretVersions to list, in the format `projects/* /secrets/*`.
`pageSize`	number	<optional>	Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`pageToken`	string	<optional>	Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].

options

object

Call options. See CallOptions for more details.

Returns:

Type Description

Type	Description
Stream	An object stream which emits an object representing SecretVersion on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using `listSecretVersionsAsync()` method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

Stream

An object stream which emits an object representing SecretVersion on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using listSecretVersionsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listSecrets(request, optionsopt) → {Promise}

Lists Secrets.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the project associated with the Secrets, in the format `projects/*`.
`pageSize`	number	<optional>	Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`pageToken`	string	<optional>	Optional. Pagination token, returned earlier via ListSecretsResponse.next_page_token.

options

object

Call options. See CallOptions for more details.

Returns:

Type Description

Type	Description
Promise	The promise which resolves to an array. The first element of the array is Array of Secret. The client library will perform auto-pagination by default: it will call the API as many times as needed and will merge results from all the pages into this array. Note that it can affect your quota. We recommend using `listSecretsAsync()` method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

Promise

The promise which resolves to an array. The first element of the array is Array of Secret. The client library will perform auto-pagination by default: it will call the API as many times as needed and will merge results from all the pages into this array. Note that it can affect your quota. We recommend using listSecretsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listSecretsAsync(request, optionsopt) → {Object}

Equivalent to listSecrets, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the project associated with the Secrets, in the format `projects/*`.
`pageSize`	number	<optional>	Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`pageToken`	string	<optional>	Optional. Pagination token, returned earlier via ListSecretsResponse.next_page_token.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Object	An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing Secret. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.

Example

const iterable = client.listSecretsAsync(request);
for await (const response of iterable) {
  // process response
}

listSecretsStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the project associated with the Secrets, in the format `projects/*`.
`pageSize`	number	<optional>	Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
`pageToken`	string	<optional>	Optional. Pagination token, returned earlier via ListSecretsResponse.next_page_token.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Stream	An object stream which emits an object representing Secret on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using `listSecretsAsync()` method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

matchProjectFromProjectName(projectName) → {string}

Parse the project from Project resource.

Parameters:

Name	Type	Description
`projectName`	string	A fully-qualified path representing Project resource.

Returns:

Type	Description
string	A string representing the project.

matchProjectFromSecretName(secretName) → {string}

Parse the project from Secret resource.

Parameters:

Name	Type	Description
`secretName`	string	A fully-qualified path representing Secret resource.

Returns:

Type	Description
string	A string representing the project.

matchProjectFromSecretVersionName(secretVersionName) → {string}

Parse the project from SecretVersion resource.

Parameters:

Name	Type	Description
`secretVersionName`	string	A fully-qualified path representing SecretVersion resource.

Returns:

Type	Description
string	A string representing the project.

matchSecretFromSecretName(secretName) → {string}

Parse the secret from Secret resource.

Parameters:

Name	Type	Description
`secretName`	string	A fully-qualified path representing Secret resource.

Returns:

Type	Description
string	A string representing the secret.

matchSecretFromSecretVersionName(secretVersionName) → {string}

Parse the secret from SecretVersion resource.

Parameters:

Name	Type	Description
`secretVersionName`	string	A fully-qualified path representing SecretVersion resource.

Returns:

Type	Description
string	A string representing the secret.

matchSecretVersionFromSecretVersionName(secretVersionName) → {string}

Parse the secret_version from SecretVersion resource.

Parameters:

Name	Type	Description
`secretVersionName`	string	A fully-qualified path representing SecretVersion resource.

Returns:

Type	Description
string	A string representing the secret_version.

projectPath(project) → {string}

Return a fully-qualified project resource name string.

Parameters:

Name	Type	Description
`project`	string

Returns:

Type	Description
string	Resource name string.

secretPath(project, secret) → {string}

Return a fully-qualified secret resource name string.

Parameters:

Name	Type	Description
`project`	string
`secret`	string

Returns:

Type	Description
string	Resource name string.

secretVersionPath(project, secret, secret_version) → {string}

Return a fully-qualified secretVersion resource name string.

Parameters:

Name	Type	Description
`project`	string
`secret`	string
`secret_version`	string

Returns:

Type	Description
string	Resource name string.

setIamPolicy(request, optionsopt) → {Promise}

Sets the access control policy on the specified secret. Replaces any existing policy.

Permissions on SecretVersions are enforced according to the policy set on the associated Secret.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`resource`	string	REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
`policy`	google.iam.v1.Policy	REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing Policy. Please see the documentation for more details and examples.

Example

const [response] = await client.setIamPolicy(request);

testIamPermissions(request, optionsopt) → {Promise}

Returns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`resource`	string	REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
`permissions`	Array.<string>	The set of permissions to check for the `resource`. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing TestIamPermissionsResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.testIamPermissions(request);

updateSecret(request, optionsopt) → {Promise}

Updates metadata of an existing Secret.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`secret`	google.cloud.secrets.v1beta1.Secret	Required. Secret with updated field values.
`updateMask`	google.protobuf.FieldMask	Required. Specifies the fields to be updated.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing Secret. Please see the documentation for more details and examples.

Example

const [response] = await client.updateSecret(request);