Types for Google Cloud Secretmanager v1 API¶
- class google.cloud.secretmanager_v1.types.AccessSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion].
- name¶
Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format
projects/*/secrets/*/versions/*
orprojects/*/locations/*/secrets/*/versions/*
.projects/*/secrets/*/versions/latest
orprojects/*/locations/*/secrets/*/versions/latest
is an alias to the most recently created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].- Type
- class google.cloud.secretmanager_v1.types.AccessSecretVersionResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Response message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion].
- name¶
The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format
projects/*/secrets/*/versions/*
orprojects/*/locations/*/secrets/*/versions/*
.- Type
- payload¶
Secret payload
- class google.cloud.secretmanager_v1.types.AddSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].
- parent¶
Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to associate with the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format
projects/*/secrets/*
orprojects/*/locations/*/secrets/*
.- Type
- payload¶
Required. The secret payload of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
- class google.cloud.secretmanager_v1.types.CreateSecretRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.CreateSecret][google.cloud.secretmanager.v1.SecretManagerService.CreateSecret].
- parent¶
Required. The resource name of the project to associate with the [Secret][google.cloud.secretmanager.v1.Secret], in the format
projects/*
orprojects/*/locations/*
.- Type
- secret_id¶
Required. This must be unique within the project.
A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore (_
) characters.- Type
- secret¶
Required. A [Secret][google.cloud.secretmanager.v1.Secret] with initial field values.
- class google.cloud.secretmanager_v1.types.CustomerManagedEncryption(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).
- kms_key_name¶
Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
For secrets using the [UserManaged][google.cloud.secretmanager.v1.Replication.UserManaged] replication policy type, Cloud KMS CryptoKeys must reside in the same location as the [replica location][Secret.UserManaged.Replica.location].
For secrets using the [Automatic][google.cloud.secretmanager.v1.Replication.Automatic] replication policy type, Cloud KMS CryptoKeys must reside in
global
.The expected format is
projects/*/locations/*/keyRings/*/cryptoKeys/*
.- Type
- class google.cloud.secretmanager_v1.types.CustomerManagedEncryptionStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Describes the status of customer-managed encryption.
- class google.cloud.secretmanager_v1.types.DeleteSecretRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.DeleteSecret][google.cloud.secretmanager.v1.SecretManagerService.DeleteSecret].
- name¶
Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to delete in the format
projects/*/secrets/*
.- Type
- class google.cloud.secretmanager_v1.types.DestroySecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DestroySecretVersion].
- name¶
Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to destroy in the format
projects/*/secrets/*/versions/*
orprojects/*/locations/*/secrets/*/versions/*
.- Type
- class google.cloud.secretmanager_v1.types.DisableSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DisableSecretVersion].
- name¶
Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to disable in the format
projects/*/secrets/*/versions/*
orprojects/*/locations/*/secrets/*/versions/*
.- Type
- class google.cloud.secretmanager_v1.types.EnableSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.EnableSecretVersion].
- name¶
Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to enable in the format
projects/*/secrets/*/versions/*
orprojects/*/locations/*/secrets/*/versions/*
.- Type
- class google.cloud.secretmanager_v1.types.GetSecretRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.GetSecret][google.cloud.secretmanager.v1.SecretManagerService.GetSecret].
- class google.cloud.secretmanager_v1.types.GetSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.GetSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.GetSecretVersion].
- name¶
Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format
projects/*/secrets/*/versions/*
orprojects/*/locations/*/secrets/*/versions/*
.projects/*/secrets/*/versions/latest
orprojects/*/locations/*/secrets/*/versions/latest
is an alias to the most recently created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].- Type
- class google.cloud.secretmanager_v1.types.ListSecretVersionsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions].
- parent¶
Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] associated with the [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] to list, in the format
projects/*/secrets/*
orprojects/*/locations/*/secrets/*
.- Type
- page_size¶
Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
- Type
- page_token¶
Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].
- Type
- filter¶
Optional. Filter string, adhering to the rules in List-operation filtering. List only secret versions matching the filter. If filter is empty, all secret versions are listed.
- Type
- class google.cloud.secretmanager_v1.types.ListSecretVersionsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Response message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions].
- versions¶
The list of [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] sorted in reverse by create_time (newest first).
- Type
MutableSequence[google.cloud.secretmanager_v1.types.SecretVersion]
- next_page_token¶
A token to retrieve the next page of results. Pass this value in [ListSecretVersionsRequest.page_token][google.cloud.secretmanager.v1.ListSecretVersionsRequest.page_token] to retrieve the next page.
- Type
- class google.cloud.secretmanager_v1.types.ListSecretsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets].
- parent¶
Required. The resource name of the project associated with the [Secrets][google.cloud.secretmanager.v1.Secret], in the format
projects/*
orprojects/*/locations/*
- Type
- page_size¶
Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.
- Type
- page_token¶
Optional. Pagination token, returned earlier via [ListSecretsResponse.next_page_token][google.cloud.secretmanager.v1.ListSecretsResponse.next_page_token].
- Type
- filter¶
Optional. Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.
- Type
- class google.cloud.secretmanager_v1.types.ListSecretsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Response message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets].
- secrets¶
The list of [Secrets][google.cloud.secretmanager.v1.Secret] sorted in reverse by create_time (newest first).
- Type
MutableSequence[google.cloud.secretmanager_v1.types.Secret]
- next_page_token¶
A token to retrieve the next page of results. Pass this value in [ListSecretsRequest.page_token][google.cloud.secretmanager.v1.ListSecretsRequest.page_token] to retrieve the next page.
- Type
- class google.cloud.secretmanager_v1.types.Replication(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
A policy that defines the replication and encryption configuration of data.
This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.
- automatic¶
The [Secret][google.cloud.secretmanager.v1.Secret] will automatically be replicated without any restrictions.
This field is a member of oneof
replication
.
- user_managed¶
The [Secret][google.cloud.secretmanager.v1.Secret] will only be replicated into the locations specified.
This field is a member of oneof
replication
.
- class Automatic(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
A replication policy that replicates the [Secret][google.cloud.secretmanager.v1.Secret] payload without any restrictions.
- customer_managed_encryption¶
Optional. The customer-managed encryption configuration of the [Secret][google.cloud.secretmanager.v1.Secret]. If no configuration is provided, Google-managed default encryption is used.
Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption configuration only apply to [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added afterwards. They do not apply retroactively to existing [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].
- class UserManaged(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
A replication policy that replicates the [Secret][google.cloud.secretmanager.v1.Secret] payload into the locations specified in [Secret.replication.user_managed.replicas][]
- replicas¶
Required. The list of Replicas for this [Secret][google.cloud.secretmanager.v1.Secret].
Cannot be empty.
- Type
MutableSequence[google.cloud.secretmanager_v1.types.Replication.UserManaged.Replica]
- class Replica(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Represents a Replica for this [Secret][google.cloud.secretmanager.v1.Secret].
- customer_managed_encryption¶
Optional. The customer-managed encryption configuration of the [User-Managed Replica][Replication.UserManaged.Replica]. If no configuration is provided, Google-managed default encryption is used.
Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption configuration only apply to [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added afterwards. They do not apply retroactively to existing [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].
- class google.cloud.secretmanager_v1.types.ReplicationStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
The replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.
- automatic¶
Describes the replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with automatic replication.
Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has an automatic replication policy.
This field is a member of oneof
replication_status
.
- user_managed¶
Describes the replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with user-managed replication.
Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has a user-managed replication policy.
This field is a member of oneof
replication_status
.
- class AutomaticStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
The replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] using automatic replication.
Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has an automatic replication policy.
- customer_managed_encryption¶
Output only. The customer-managed encryption status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only populated if customer-managed encryption is used.
- class UserManagedStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
The replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] using user-managed replication.
Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has a user-managed replication policy.
- replicas¶
Output only. The list of replica statuses for the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
- Type
MutableSequence[google.cloud.secretmanager_v1.types.ReplicationStatus.UserManagedStatus.ReplicaStatus]
- class ReplicaStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Describes the status of a user-managed replica for the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
- customer_managed_encryption¶
Output only. The customer-managed encryption status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only populated if customer-managed encryption is used.
- class google.cloud.secretmanager_v1.types.Rotation(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
The rotation time and period for a [Secret][google.cloud.secretmanager.v1.Secret]. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. [Secret.topics][google.cloud.secretmanager.v1.Secret.topics] must be set to configure rotation.
- next_rotation_time¶
Optional. Timestamp in UTC at which the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years).
[next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] MUST be set if [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] is set.
- rotation_period¶
Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).
If [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] is set, [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] must be set. [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] will be advanced by this period when the service automatically sends rotation notifications.
- class google.cloud.secretmanager_v1.types.Secret(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can be accessed.
A [Secret][google.cloud.secretmanager.v1.Secret] is made up of zero or more [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] that represent the secret data.
This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.
- name¶
Output only. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] in the format
projects/*/secrets/*
.- Type
- replication¶
Optional. Immutable. The replication policy of the secret data attached to the [Secret][google.cloud.secretmanager.v1.Secret].
The replication policy cannot be changed after the Secret has been created.
- create_time¶
Output only. The time at which the [Secret][google.cloud.secretmanager.v1.Secret] was created.
- labels¶
The labels assigned to this Secret.
Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:
[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}
Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression:
[\p{Ll}\p{Lo}\p{N}_-]{0,63}
No more than 64 labels can be assigned to a given resource.
- topics¶
Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
- Type
MutableSequence[google.cloud.secretmanager_v1.types.Topic]
- expire_time¶
Optional. Timestamp in UTC when the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to expire. This is always provided on output, regardless of what was sent on input.
This field is a member of oneof
expiration
.
- ttl¶
Input only. The TTL for the [Secret][google.cloud.secretmanager.v1.Secret].
This field is a member of oneof
expiration
.
- etag¶
Optional. Etag of the currently stored [Secret][google.cloud.secretmanager.v1.Secret].
- Type
- rotation¶
Optional. Rotation policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. May be excluded if there is no rotation policy.
- version_aliases¶
Optional. Mapping from version alias to version name.
A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (
-
) and underscore (‘_’) characters. An alias string must start with a letter and cannot be the string ‘latest’ or ‘NEW’. No more than 50 aliases can be assigned to a given secret.Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. Access by alias is only be supported on GetSecretVersion and AccessSecretVersion.
- annotations¶
Optional. Custom metadata about the secret.
Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database.
Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols.
The total size of annotation keys and values must be less than 16KiB.
- version_destroy_ttl¶
Optional. Secret Version TTL after destruction request This is a part of the Delayed secret version destroy feature. For secret with TTL>0, version destruction doesn’t happen immediately on calling destroy instead the version goes to a disabled state and destruction happens after the TTL expires.
- customer_managed_encryption¶
Optional. The customer-managed encryption configuration of the Regionalised Secrets. If no configuration is provided, Google-managed default encryption is used.
Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption configuration only apply to [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added afterwards. They do not apply retroactively to existing [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].
- class AnnotationsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶
Bases:
proto.message.Message
- class LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶
Bases:
proto.message.Message
- class VersionAliasesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)¶
Bases:
proto.message.Message
- class google.cloud.secretmanager_v1.types.SecretPayload(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
A secret payload resource in the Secret Manager API. This contains the sensitive secret payload that is associated with a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
- data_crc32c¶
Optional. If specified, [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will verify the integrity of the received [data][google.cloud.secretmanager.v1.SecretPayload.data] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] calls using the crc32c checksum and store it to include in future [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion] responses. If a checksum is not provided in the [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] request, the [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will generate and store one for you.
The CRC32C value is encoded as a Int64 for compatibility, and can be safely downconverted to uint32 in languages that support this type. https://cloud.google.com/apis/design/design_patterns#integer_types
This field is a member of oneof
_data_crc32c
.- Type
- class google.cloud.secretmanager_v1.types.SecretVersion(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
A secret version resource in the Secret Manager API.
- name¶
Output only. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format
projects/*/secrets/*/versions/*
.[SecretVersion][google.cloud.secretmanager.v1.SecretVersion] IDs in a [Secret][google.cloud.secretmanager.v1.Secret] start at 1 and are incremented for each subsequent version of the secret.
- Type
- create_time¶
Output only. The time at which the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was created.
- destroy_time¶
Output only. The time this [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was destroyed. Only present if [state][google.cloud.secretmanager.v1.SecretVersion.state] is [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED].
- state¶
Output only. The current state of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
- replication_status¶
The replication status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
- etag¶
Output only. Etag of the currently stored [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
- Type
- client_specified_payload_checksum¶
Output only. True if payload checksum specified in [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] object has been received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].
- Type
- scheduled_destroy_time¶
Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, the version is moved to disabled state and it is scheduled for destruction. The version is destroyed only after the
scheduled_destroy_time
.
- customer_managed_encryption¶
Output only. The customer-managed encryption status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only populated if customer-managed encryption is used and [Secret][google.cloud.secretmanager.v1.Secret] is a Regionalised Secret.
- class State(value)[source]¶
Bases:
proto.enums.Enum
The state of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion], indicating if it can be accessed.
- Values:
- STATE_UNSPECIFIED (0):
Not specified. This value is unused and invalid.
- ENABLED (1):
The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] may be accessed.
- DISABLED (2):
The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] may not be accessed, but the secret data is still available and can be placed back into the [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED] state.
- DESTROYED (3):
The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] is destroyed and the secret data is no longer stored. A version may not leave this state once entered.
- class google.cloud.secretmanager_v1.types.Topic(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
A Pub/Sub topic which Secret Manager will publish to when control plane events occur on this secret.
- name¶
Required. The resource name of the Pub/Sub topic that will be published to, in the following format:
projects/*/topics/*
. For publication to succeed, the Secret Manager service agent must have thepubsub.topic.publish
permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher
) includes this permission.- Type
- class google.cloud.secretmanager_v1.types.UpdateSecretRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]¶
Bases:
proto.message.Message
Request message for [SecretManagerService.UpdateSecret][google.cloud.secretmanager.v1.SecretManagerService.UpdateSecret].
- secret¶
Required. [Secret][google.cloud.secretmanager.v1.Secret] with updated field values.
- update_mask¶
Required. Specifies the fields to be updated.