As of January 1, 2020 this library no longer supports Python 2 on the latest released version. Library versions released prior to that date will continue to be available. For more information please visit Python 2 support on Google Cloud.

Types for Google Cloud Secretmanager v1 API

class google.cloud.secretmanager_v1.types.AccessSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion].

name

Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

projects/*/secrets/*/versions/latest or projects/*/locations/*/secrets/*/versions/latest is an alias to the most recently created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

Type

str

class google.cloud.secretmanager_v1.types.AccessSecretVersionResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion].

name

The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

Type

str

payload

Secret payload

Type

google.cloud.secretmanager_v1.types.SecretPayload

class google.cloud.secretmanager_v1.types.AddSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].

parent

Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to associate with the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format projects/*/secrets/* or projects/*/locations/*/secrets/*.

Type

str

payload

Required. The secret payload of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

Type

google.cloud.secretmanager_v1.types.SecretPayload

class google.cloud.secretmanager_v1.types.CreateSecretRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.CreateSecret][google.cloud.secretmanager.v1.SecretManagerService.CreateSecret].

parent

Required. The resource name of the project to associate with the [Secret][google.cloud.secretmanager.v1.Secret], in the format projects/* or projects/*/locations/*.

Type

str

secret_id

Required. This must be unique within the project.

A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore (_) characters.

Type

str

secret

Required. A [Secret][google.cloud.secretmanager.v1.Secret] with initial field values.

Type

google.cloud.secretmanager_v1.types.Secret

class google.cloud.secretmanager_v1.types.CustomerManagedEncryption(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).

kms_key_name

Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.

For secrets using the [UserManaged][google.cloud.secretmanager.v1.Replication.UserManaged] replication policy type, Cloud KMS CryptoKeys must reside in the same location as the [replica location][Secret.UserManaged.Replica.location].

For secrets using the [Automatic][google.cloud.secretmanager.v1.Replication.Automatic] replication policy type, Cloud KMS CryptoKeys must reside in global.

The expected format is projects/*/locations/*/keyRings/*/cryptoKeys/*.

Type

str

class google.cloud.secretmanager_v1.types.CustomerManagedEncryptionStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Describes the status of customer-managed encryption.

kms_key_version_name

Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the secret payload, in the following format: projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*.

Type

str

class google.cloud.secretmanager_v1.types.DeleteSecretRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.DeleteSecret][google.cloud.secretmanager.v1.SecretManagerService.DeleteSecret].

name

Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] to delete in the format projects/*/secrets/*.

Type

str

etag

Optional. Etag of the [Secret][google.cloud.secretmanager.v1.Secret]. The request succeeds if it matches the etag of the currently stored secret object. If the etag is omitted, the request succeeds.

Type

str

class google.cloud.secretmanager_v1.types.DestroySecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.DestroySecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DestroySecretVersion].

name

Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to destroy in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

Type

str

etag

Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

Type

str

class google.cloud.secretmanager_v1.types.DisableSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.DisableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.DisableSecretVersion].

name

Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to disable in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

Type

str

etag

Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

Type

str

class google.cloud.secretmanager_v1.types.EnableSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.EnableSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.EnableSecretVersion].

name

Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to enable in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

Type

str

etag

Optional. Etag of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. The request succeeds if it matches the etag of the currently stored secret version object. If the etag is omitted, the request succeeds.

Type

str

class google.cloud.secretmanager_v1.types.GetSecretRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.GetSecret][google.cloud.secretmanager.v1.SecretManagerService.GetSecret].

name

Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret], in the format projects/*/secrets/* or projects/*/locations/*/secrets/*.

Type

str

class google.cloud.secretmanager_v1.types.GetSecretVersionRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.GetSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.GetSecretVersion].

name

Required. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format projects/*/secrets/*/versions/* or projects/*/locations/*/secrets/*/versions/*.

projects/*/secrets/*/versions/latest or projects/*/locations/*/secrets/*/versions/latest is an alias to the most recently created [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

Type

str

class google.cloud.secretmanager_v1.types.ListSecretVersionsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions].

parent

Required. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] associated with the [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] to list, in the format projects/*/secrets/* or projects/*/locations/*/secrets/*.

Type

str

page_size

Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.

Type

int

page_token

Optional. Pagination token, returned earlier via ListSecretVersionsResponse.next_page_token][].

Type

str

filter

Optional. Filter string, adhering to the rules in List-operation filtering. List only secret versions matching the filter. If filter is empty, all secret versions are listed.

Type

str

class google.cloud.secretmanager_v1.types.ListSecretVersionsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for [SecretManagerService.ListSecretVersions][google.cloud.secretmanager.v1.SecretManagerService.ListSecretVersions].

versions

The list of [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] sorted in reverse by create_time (newest first).

Type

MutableSequence[google.cloud.secretmanager_v1.types.SecretVersion]

next_page_token

A token to retrieve the next page of results. Pass this value in [ListSecretVersionsRequest.page_token][google.cloud.secretmanager.v1.ListSecretVersionsRequest.page_token] to retrieve the next page.

Type

str

total_size

The total number of [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] but 0 when the [ListSecretsRequest.filter][google.cloud.secretmanager.v1.ListSecretsRequest.filter] field is set.

Type

int

class google.cloud.secretmanager_v1.types.ListSecretsRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets].

parent

Required. The resource name of the project associated with the [Secrets][google.cloud.secretmanager.v1.Secret], in the format projects/* or projects/*/locations/*

Type

str

page_size

Optional. The maximum number of results to be returned in a single page. If set to 0, the server decides the number of results to return. If the number is greater than 25000, it is capped at 25000.

Type

int

page_token

Optional. Pagination token, returned earlier via [ListSecretsResponse.next_page_token][google.cloud.secretmanager.v1.ListSecretsResponse.next_page_token].

Type

str

filter

Optional. Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.

Type

str

class google.cloud.secretmanager_v1.types.ListSecretsResponse(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Response message for [SecretManagerService.ListSecrets][google.cloud.secretmanager.v1.SecretManagerService.ListSecrets].

secrets

The list of [Secrets][google.cloud.secretmanager.v1.Secret] sorted in reverse by create_time (newest first).

Type

MutableSequence[google.cloud.secretmanager_v1.types.Secret]

next_page_token

A token to retrieve the next page of results. Pass this value in [ListSecretsRequest.page_token][google.cloud.secretmanager.v1.ListSecretsRequest.page_token] to retrieve the next page.

Type

str

total_size

The total number of [Secrets][google.cloud.secretmanager.v1.Secret] but 0 when the [ListSecretsRequest.filter][google.cloud.secretmanager.v1.ListSecretsRequest.filter] field is set.

Type

int

class google.cloud.secretmanager_v1.types.Replication(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A policy that defines the replication and encryption configuration of data.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

automatic

The [Secret][google.cloud.secretmanager.v1.Secret] will automatically be replicated without any restrictions.

This field is a member of oneof replication.

Type

google.cloud.secretmanager_v1.types.Replication.Automatic

user_managed

The [Secret][google.cloud.secretmanager.v1.Secret] will only be replicated into the locations specified.

This field is a member of oneof replication.

Type

google.cloud.secretmanager_v1.types.Replication.UserManaged

class Automatic(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A replication policy that replicates the [Secret][google.cloud.secretmanager.v1.Secret] payload without any restrictions.

customer_managed_encryption

Optional. The customer-managed encryption configuration of the [Secret][google.cloud.secretmanager.v1.Secret]. If no configuration is provided, Google-managed default encryption is used.

Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption configuration only apply to [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added afterwards. They do not apply retroactively to existing [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].

Type

google.cloud.secretmanager_v1.types.CustomerManagedEncryption

class UserManaged(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A replication policy that replicates the [Secret][google.cloud.secretmanager.v1.Secret] payload into the locations specified in [Secret.replication.user_managed.replicas][]

replicas

Required. The list of Replicas for this [Secret][google.cloud.secretmanager.v1.Secret].

Cannot be empty.

Type

MutableSequence[google.cloud.secretmanager_v1.types.Replication.UserManaged.Replica]

class Replica(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Represents a Replica for this [Secret][google.cloud.secretmanager.v1.Secret].

location

The canonical IDs of the location to replicate data. For example: "us-east1".

Type

str

customer_managed_encryption

Optional. The customer-managed encryption configuration of the [User-Managed Replica][Replication.UserManaged.Replica]. If no configuration is provided, Google-managed default encryption is used.

Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption configuration only apply to [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added afterwards. They do not apply retroactively to existing [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].

Type

google.cloud.secretmanager_v1.types.CustomerManagedEncryption

class google.cloud.secretmanager_v1.types.ReplicationStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

automatic

Describes the replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with automatic replication.

Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has an automatic replication policy.

This field is a member of oneof replication_status.

Type

google.cloud.secretmanager_v1.types.ReplicationStatus.AutomaticStatus

user_managed

Describes the replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with user-managed replication.

Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has a user-managed replication policy.

This field is a member of oneof replication_status.

Type

google.cloud.secretmanager_v1.types.ReplicationStatus.UserManagedStatus

class AutomaticStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] using automatic replication.

Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has an automatic replication policy.

customer_managed_encryption

Output only. The customer-managed encryption status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only populated if customer-managed encryption is used.

Type

google.cloud.secretmanager_v1.types.CustomerManagedEncryptionStatus

class UserManagedStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The replication status of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] using user-managed replication.

Only populated if the parent [Secret][google.cloud.secretmanager.v1.Secret] has a user-managed replication policy.

replicas

Output only. The list of replica statuses for the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

Type

MutableSequence[google.cloud.secretmanager_v1.types.ReplicationStatus.UserManagedStatus.ReplicaStatus]

class ReplicaStatus(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Describes the status of a user-managed replica for the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

location

Output only. The canonical ID of the replica location. For example: "us-east1".

Type

str

customer_managed_encryption

Output only. The customer-managed encryption status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only populated if customer-managed encryption is used.

Type

google.cloud.secretmanager_v1.types.CustomerManagedEncryptionStatus

class google.cloud.secretmanager_v1.types.Rotation(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

The rotation time and period for a [Secret][google.cloud.secretmanager.v1.Secret]. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. [Secret.topics][google.cloud.secretmanager.v1.Secret.topics] must be set to configure rotation.

next_rotation_time

Optional. Timestamp in UTC at which the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to rotate. Cannot be set to less than 300s (5 min) in the future and at most 3153600000s (100 years).

[next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] MUST be set if [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] is set.

Type

google.protobuf.timestamp_pb2.Timestamp

rotation_period

Input only. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).

If [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] is set, [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] must be set. [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] will be advanced by this period when the service automatically sends rotation notifications.

Type

google.protobuf.duration_pb2.Duration

class google.cloud.secretmanager_v1.types.Secret(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A [Secret][google.cloud.secretmanager.v1.Secret] is a logical secret whose value and versions can be accessed.

A [Secret][google.cloud.secretmanager.v1.Secret] is made up of zero or more [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] that represent the secret data.

This message has oneof fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

name

Output only. The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] in the format projects/*/secrets/*.

Type

str

replication

Optional. Immutable. The replication policy of the secret data attached to the [Secret][google.cloud.secretmanager.v1.Secret].

The replication policy cannot be changed after the Secret has been created.

Type

google.cloud.secretmanager_v1.types.Replication

create_time

Output only. The time at which the [Secret][google.cloud.secretmanager.v1.Secret] was created.

Type

google.protobuf.timestamp_pb2.Timestamp

labels

The labels assigned to this Secret.

Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}

Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}

No more than 64 labels can be assigned to a given resource.

Type

MutableMapping[str, str]

topics

Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.

Type

MutableSequence[google.cloud.secretmanager_v1.types.Topic]

expire_time

Optional. Timestamp in UTC when the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to expire. This is always provided on output, regardless of what was sent on input.

This field is a member of oneof expiration.

Type

google.protobuf.timestamp_pb2.Timestamp

ttl

Input only. The TTL for the [Secret][google.cloud.secretmanager.v1.Secret].

This field is a member of oneof expiration.

Type

google.protobuf.duration_pb2.Duration

etag

Optional. Etag of the currently stored [Secret][google.cloud.secretmanager.v1.Secret].

Type

str

rotation

Optional. Rotation policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. May be excluded if there is no rotation policy.

Type

google.cloud.secretmanager_v1.types.Rotation

version_aliases

Optional. Mapping from version alias to version name.

A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (-) and underscore (‘_’) characters. An alias string must start with a letter and cannot be the string ‘latest’ or ‘NEW’. No more than 50 aliases can be assigned to a given secret.

Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. Access by alias is only be supported on GetSecretVersion and AccessSecretVersion.

Type

MutableMapping[str, int]

annotations

Optional. Custom metadata about the secret.

Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database.

Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols.

The total size of annotation keys and values must be less than 16KiB.

Type

MutableMapping[str, str]

version_destroy_ttl

Optional. Secret Version TTL after destruction request This is a part of the Delayed secret version destroy feature. For secret with TTL>0, version destruction doesn’t happen immediately on calling destroy instead the version goes to a disabled state and destruction happens after the TTL expires.

Type

google.protobuf.duration_pb2.Duration

customer_managed_encryption

Optional. The customer-managed encryption configuration of the Regionalised Secrets. If no configuration is provided, Google-managed default encryption is used.

Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption configuration only apply to [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added afterwards. They do not apply retroactively to existing [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].

Type

google.cloud.secretmanager_v1.types.CustomerManagedEncryption

class AnnotationsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class VersionAliasesEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Bases: proto.message.Message

class google.cloud.secretmanager_v1.types.SecretPayload(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A secret payload resource in the Secret Manager API. This contains the sensitive secret payload that is associated with a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

data

The secret data. Must be no larger than 64KiB.

Type

bytes

data_crc32c

Optional. If specified, [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will verify the integrity of the received [data][google.cloud.secretmanager.v1.SecretPayload.data] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] calls using the crc32c checksum and store it to include in future [SecretManagerService.AccessSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion] responses. If a checksum is not provided in the [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion] request, the [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] will generate and store one for you.

The CRC32C value is encoded as a Int64 for compatibility, and can be safely downconverted to uint32 in languages that support this type. https://cloud.google.com/apis/design/design_patterns#integer_types

This field is a member of oneof _data_crc32c.

Type

int

class google.cloud.secretmanager_v1.types.SecretVersion(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A secret version resource in the Secret Manager API.

name

Output only. The resource name of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the format projects/*/secrets/*/versions/*.

[SecretVersion][google.cloud.secretmanager.v1.SecretVersion] IDs in a [Secret][google.cloud.secretmanager.v1.Secret] start at 1 and are incremented for each subsequent version of the secret.

Type

str

create_time

Output only. The time at which the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was created.

Type

google.protobuf.timestamp_pb2.Timestamp

destroy_time

Output only. The time this [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] was destroyed. Only present if [state][google.cloud.secretmanager.v1.SecretVersion.state] is [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED].

Type

google.protobuf.timestamp_pb2.Timestamp

state

Output only. The current state of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

Type

google.cloud.secretmanager_v1.types.SecretVersion.State

replication_status

The replication status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

Type

google.cloud.secretmanager_v1.types.ReplicationStatus

etag

Output only. Etag of the currently stored [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].

Type

str

client_specified_payload_checksum

Output only. True if payload checksum specified in [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] object has been received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion].

Type

bool

scheduled_destroy_time

Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, the version is moved to disabled state and it is scheduled for destruction. The version is destroyed only after the scheduled_destroy_time.

Type

google.protobuf.timestamp_pb2.Timestamp

customer_managed_encryption

Output only. The customer-managed encryption status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. Only populated if customer-managed encryption is used and [Secret][google.cloud.secretmanager.v1.Secret] is a Regionalised Secret.

Type

google.cloud.secretmanager_v1.types.CustomerManagedEncryptionStatus

class State(value)[source]

Bases: proto.enums.Enum

The state of a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion], indicating if it can be accessed.

Values:
STATE_UNSPECIFIED (0):

Not specified. This value is unused and invalid.

ENABLED (1):

The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] may be accessed.

DISABLED (2):

The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] may not be accessed, but the secret data is still available and can be placed back into the [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED] state.

DESTROYED (3):

The [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] is destroyed and the secret data is no longer stored. A version may not leave this state once entered.

class google.cloud.secretmanager_v1.types.Topic(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

A Pub/Sub topic which Secret Manager will publish to when control plane events occur on this secret.

name

Required. The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*. For publication to succeed, the Secret Manager service agent must have the pubsub.topic.publish permission on the topic. The Pub/Sub Publisher role (roles/pubsub.publisher) includes this permission.

Type

str

class google.cloud.secretmanager_v1.types.UpdateSecretRequest(mapping=None, *, ignore_unknown_fields=False, **kwargs)[source]

Bases: proto.message.Message

Request message for [SecretManagerService.UpdateSecret][google.cloud.secretmanager.v1.SecretManagerService.UpdateSecret].

secret

Required. [Secret][google.cloud.secretmanager.v1.Secret] with updated field values.

Type

google.cloud.secretmanager_v1.types.Secret

update_mask

Required. Specifies the fields to be updated.

Type

google.protobuf.field_mask_pb2.FieldMask