SecretManagerServiceClient(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.secretmanager_v1beta1.services.secret_manager_service.transports.base.SecretManagerServiceTransport, typing.Callable[[...], google.cloud.secretmanager_v1beta1.services.secret_manager_service.transports.base.SecretManagerServiceTransport]]] = None, client_options: typing.Optional[typing.Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)Secret Manager Service
Manages secrets and operations using those secrets. Implements a REST model with the following objects:
- Secret
- SecretVersion
Properties
api_endpoint
Return the API endpoint used by the client instance.
| Returns | |
|---|---|
| Type | Description | 
| str | The API endpoint used by the client instance. | 
transport
Returns the transport used by the client instance.
| Returns | |
|---|---|
| Type | Description | 
| SecretManagerServiceTransport | The transport used by the client instance. | 
universe_domain
Return the universe domain used by the client instance.
| Returns | |
|---|---|
| Type | Description | 
| str | The universe domain used by the client instance. | 
Methods
SecretManagerServiceClient
SecretManagerServiceClient(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.secretmanager_v1beta1.services.secret_manager_service.transports.base.SecretManagerServiceTransport, typing.Callable[[...], google.cloud.secretmanager_v1beta1.services.secret_manager_service.transports.base.SecretManagerServiceTransport]]] = None, client_options: typing.Optional[typing.Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)Instantiates the secret manager service client.
| Parameters | |
|---|---|
| Name | Description | 
| credentials | Optional[google.auth.credentials.Credentials]The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. | 
| transport | Optional[Union[str,SecretManagerServiceTransport,Callable[..., SecretManagerServiceTransport]]]The transport to use, or a Callable that constructs and returns a new transport. If a Callable is given, it will be called with the same set of initialization arguments as used in the SecretManagerServiceTransport constructor. If set to None, a transport is chosen automatically. | 
| client_options | Optional[Union[google.api_core.client_options.ClientOptions, dict]]Custom options for the client. 1. The  | 
| client_info | google.api_core.gapic_v1.client_info.ClientInfoThe client info used to send a user-agent string along with API requests. If  | 
| Exceptions | |
|---|---|
| Type | Description | 
| google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. | 
__exit__
__exit__(type, value, traceback)Releases underlying transport's resources.
access_secret_version
access_secret_version(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.AccessSecretVersionRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.service.AccessSecretVersionResponseAccesses a xref_SecretVersion. This call returns the secret data.
projects/*/secrets/*/versions/latest is an alias to the
latest
xref_SecretVersion.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_access_secret_version():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.AccessSecretVersionRequest(
        name="name_value",
    )
    # Make the request
    response = client.access_secret_version(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.AccessSecretVersionRequest, dict]The request object. Request message for SecretManagerService.AccessSecretVersion. | 
| name | strRequired. The resource name of the SecretVersion in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.AccessSecretVersionResponse | Response message for SecretManagerService.AccessSecretVersion. | 
add_secret_version
add_secret_version(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.AddSecretVersionRequest,
            dict,
        ]
    ] = None,
    *,
    parent: typing.Optional[str] = None,
    payload: typing.Optional[
        google.cloud.secretmanager_v1beta1.types.resources.SecretPayload
    ] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.resources.SecretVersionCreates a new xref_SecretVersion containing secret data and attaches it to an existing xref_Secret.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_add_secret_version():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.AddSecretVersionRequest(
        parent="parent_value",
    )
    # Make the request
    response = client.add_secret_version(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.AddSecretVersionRequest, dict]The request object. Request message for SecretManagerService.AddSecretVersion. | 
| parent | strRequired. The resource name of the Secret to associate with the SecretVersion in the format  | 
| payload | google.cloud.secretmanager_v1beta1.types.SecretPayloadRequired. The secret payload of the SecretVersion. This corresponds to the  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.SecretVersion | A secret version resource in the Secret Manager API. | 
common_billing_account_path
common_billing_account_path(billing_account: str) -> strReturns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str) -> strReturns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str) -> strReturns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str) -> strReturns a fully-qualified organization string.
common_project_path
common_project_path(project: str) -> strReturns a fully-qualified project string.
create_secret
create_secret(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.CreateSecretRequest, dict
        ]
    ] = None,
    *,
    parent: typing.Optional[str] = None,
    secret_id: typing.Optional[str] = None,
    secret: typing.Optional[
        google.cloud.secretmanager_v1beta1.types.resources.Secret
    ] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.resources.SecretCreates a new xref_Secret containing no xref_SecretVersions.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_create_secret():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.CreateSecretRequest(
        parent="parent_value",
        secret_id="secret_id_value",
    )
    # Make the request
    response = client.create_secret(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.CreateSecretRequest, dict]The request object. Request message for SecretManagerService.CreateSecret. | 
| parent | strRequired. The resource name of the project to associate with the Secret, in the format  | 
| secret_id | strRequired. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen ( | 
| secret | google.cloud.secretmanager_v1beta1.types.SecretRequired. A Secret with initial field values. This corresponds to the  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.Secret | A Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data. | 
delete_secret
delete_secret(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.DeleteSecretRequest, dict
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> NoneDeletes a xref_Secret.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_delete_secret():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.DeleteSecretRequest(
        name="name_value",
    )
    # Make the request
    client.delete_secret(request=request)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.DeleteSecretRequest, dict]The request object. Request message for SecretManagerService.DeleteSecret. | 
| name | strRequired. The resource name of the Secret to delete in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
destroy_secret_version
destroy_secret_version(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.DestroySecretVersionRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.resources.SecretVersionDestroys a xref_SecretVersion.
Sets the xref_state of the xref_SecretVersion to xref_DESTROYED and irrevocably destroys the secret data.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_destroy_secret_version():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.DestroySecretVersionRequest(
        name="name_value",
    )
    # Make the request
    response = client.destroy_secret_version(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.DestroySecretVersionRequest, dict]The request object. Request message for SecretManagerService.DestroySecretVersion. | 
| name | strRequired. The resource name of the SecretVersion to destroy in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.SecretVersion | A secret version resource in the Secret Manager API. | 
disable_secret_version
disable_secret_version(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.DisableSecretVersionRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.resources.SecretVersionDisables a xref_SecretVersion.
Sets the xref_state of the xref_SecretVersion to xref_DISABLED.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_disable_secret_version():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.DisableSecretVersionRequest(
        name="name_value",
    )
    # Make the request
    response = client.disable_secret_version(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.DisableSecretVersionRequest, dict]The request object. Request message for SecretManagerService.DisableSecretVersion. | 
| name | strRequired. The resource name of the SecretVersion to disable in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.SecretVersion | A secret version resource in the Secret Manager API. | 
enable_secret_version
enable_secret_version(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.EnableSecretVersionRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.resources.SecretVersionEnables a xref_SecretVersion.
Sets the xref_state of the xref_SecretVersion to xref_ENABLED.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_enable_secret_version():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.EnableSecretVersionRequest(
        name="name_value",
    )
    # Make the request
    response = client.enable_secret_version(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.EnableSecretVersionRequest, dict]The request object. Request message for SecretManagerService.EnableSecretVersion. | 
| name | strRequired. The resource name of the SecretVersion to enable in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.SecretVersion | A secret version resource in the Secret Manager API. | 
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)Creates an instance of this client using the provided credentials file.
| Parameter | |
|---|---|
| Name | Description | 
| filename | strThe path to the service account private key json file. | 
| Returns | |
|---|---|
| Type | Description | 
| SecretManagerServiceClient | The constructed client. | 
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)Creates an instance of this client using the provided credentials info.
| Parameter | |
|---|---|
| Name | Description | 
| info | dictThe service account private key info. | 
| Returns | |
|---|---|
| Type | Description | 
| SecretManagerServiceClient | The constructed client. | 
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)Creates an instance of this client using the provided credentials file.
| Parameter | |
|---|---|
| Name | Description | 
| filename | strThe path to the service account private key json file. | 
| Returns | |
|---|---|
| Type | Description | 
| SecretManagerServiceClient | The constructed client. | 
get_iam_policy
get_iam_policy(
    request: typing.Optional[
        typing.Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]
    ] = None,
    *,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.iam.v1.policy_pb2.PolicyGets the access control policy for a secret. Returns empty policy if the secret exists and does not have a policy set.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
from google.iam.v1 import iam_policy_pb2  # type: ignore
def sample_get_iam_policy():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = iam_policy_pb2.GetIamPolicyRequest(
        resource="resource_value",
    )
    # Make the request
    response = client.get_iam_policy(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]The request object. Request message for  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.iam.v1.policy_pb2.Policy | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** :literal: \{ "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="">\ \**YAML example:** :literal:\bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:">\ \For a description of IAM and its features, see the [IAM documentation](\ https://cloud.google.com/iam/docs/). | 
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
    client_options: typing.Optional[
        google.api_core.client_options.ClientOptions
    ] = None,
)Deprecated. Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the
client cert source is None.
(2) if client_options.client_cert_source is provided, use the provided one; if the
default client cert source exists, use the default one; otherwise the client cert
source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint if provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the
default mTLS endpoint; if the environment variable is "never", use the default API
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
| Parameter | |
|---|---|
| Name | Description | 
| client_options | google.api_core.client_options.ClientOptionsCustom options for the client. Only the  | 
| Exceptions | |
|---|---|
| Type | Description | 
| google.auth.exceptions.MutualTLSChannelError | If any errors happen. | 
| Returns | |
|---|---|
| Type | Description | 
| Tuple[str, Callable[[], Tuple[bytes, bytes]]] | returns the API endpoint and the client cert source to use. | 
get_secret
get_secret(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.GetSecretRequest, dict
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.resources.SecretGets metadata for a given xref_Secret.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_get_secret():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.GetSecretRequest(
        name="name_value",
    )
    # Make the request
    response = client.get_secret(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.GetSecretRequest, dict]The request object. Request message for SecretManagerService.GetSecret. | 
| name | strRequired. The resource name of the Secret, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.Secret | A Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data. | 
get_secret_version
get_secret_version(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.GetSecretVersionRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.resources.SecretVersionGets metadata for a xref_SecretVersion.
projects/*/secrets/*/versions/latest is an alias to the
latest
xref_SecretVersion.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_get_secret_version():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.GetSecretVersionRequest(
        name="name_value",
    )
    # Make the request
    response = client.get_secret_version(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.GetSecretVersionRequest, dict]The request object. Request message for SecretManagerService.GetSecretVersion. | 
| name | strRequired. The resource name of the SecretVersion in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.SecretVersion | A secret version resource in the Secret Manager API. | 
list_secret_versions
list_secret_versions(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.ListSecretVersionsRequest,
            dict,
        ]
    ] = None,
    *,
    parent: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> (
    google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsPager
)Lists xref_SecretVersions. This call does not return secret data.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_list_secret_versions():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.ListSecretVersionsRequest(
        parent="parent_value",
    )
    # Make the request
    page_result = client.list_secret_versions(request=request)
    # Handle the response
    for response in page_result:
        print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.ListSecretVersionsRequest, dict]The request object. Request message for SecretManagerService.ListSecretVersions. | 
| parent | strRequired. The resource name of the Secret associated with the SecretVersions to list, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretVersionsPager | Response message for SecretManagerService.ListSecretVersions. Iterating over this object will yield results and resolve additional pages automatically. | 
list_secrets
list_secrets(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.ListSecretsRequest, dict
        ]
    ] = None,
    *,
    parent: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> (
    google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsPager
)Lists xref_Secrets.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_list_secrets():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.ListSecretsRequest(
        parent="parent_value",
    )
    # Make the request
    page_result = client.list_secrets(request=request)
    # Handle the response
    for response in page_result:
        print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.ListSecretsRequest, dict]The request object. Request message for SecretManagerService.ListSecrets. | 
| parent | strRequired. The resource name of the project associated with the Secrets, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.services.secret_manager_service.pagers.ListSecretsPager | Response message for SecretManagerService.ListSecrets. Iterating over this object will yield results and resolve additional pages automatically. | 
parse_common_billing_account_path
parse_common_billing_account_path(path: str) -> typing.Dict[str, str]Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str) -> typing.Dict[str, str]Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str) -> typing.Dict[str, str]Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str) -> typing.Dict[str, str]Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str) -> typing.Dict[str, str]Parse a project path into its component segments.
parse_secret_path
parse_secret_path(path: str) -> typing.Dict[str, str]Parses a secret path into its component segments.
parse_secret_version_path
parse_secret_version_path(path: str) -> typing.Dict[str, str]Parses a secret_version path into its component segments.
secret_path
secret_path(project: str, secret: str) -> strReturns a fully-qualified secret string.
secret_version_path
secret_version_path(project: str, secret: str, secret_version: str) -> strReturns a fully-qualified secret_version string.
set_iam_policy
set_iam_policy(
    request: typing.Optional[
        typing.Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]
    ] = None,
    *,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.iam.v1.policy_pb2.PolicySets the access control policy on the specified secret. Replaces any existing policy.
Permissions on xref_SecretVersions are enforced according to the policy set on the associated xref_Secret.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
from google.iam.v1 import iam_policy_pb2  # type: ignore
def sample_set_iam_policy():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = iam_policy_pb2.SetIamPolicyRequest(
        resource="resource_value",
    )
    # Make the request
    response = client.set_iam_policy(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]The request object. Request message for  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.iam.v1.policy_pb2.Policy | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** :literal: \{ "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="">\ \**YAML example:** :literal:\bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:">\ \For a description of IAM and its features, see the [IAM documentation](\ https://cloud.google.com/iam/docs/). | 
test_iam_permissions
test_iam_permissions(
    request: typing.Optional[
        typing.Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]
    ] = None,
    *,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.iam.v1.iam_policy_pb2.TestIamPermissionsResponseReturns permissions that a caller has for the specified secret. If the secret does not exist, this call returns an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
from google.iam.v1 import iam_policy_pb2  # type: ignore
def sample_test_iam_permissions():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = iam_policy_pb2.TestIamPermissionsRequest(
        resource="resource_value",
        permissions=['permissions_value1', 'permissions_value2'],
    )
    # Make the request
    response = client.test_iam_permissions(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]The request object. Request message for  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse | Response message for TestIamPermissions method. | 
update_secret
update_secret(
    request: typing.Optional[
        typing.Union[
            google.cloud.secretmanager_v1beta1.types.service.UpdateSecretRequest, dict
        ]
    ] = None,
    *,
    secret: typing.Optional[
        google.cloud.secretmanager_v1beta1.types.resources.Secret
    ] = None,
    update_mask: typing.Optional[google.protobuf.field_mask_pb2.FieldMask] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, str]] = ()
) -> google.cloud.secretmanager_v1beta1.types.resources.SecretUpdates metadata of an existing xref_Secret.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import secretmanager_v1beta1
def sample_update_secret():
    # Create a client
    client = secretmanager_v1beta1.SecretManagerServiceClient()
    # Initialize request argument(s)
    request = secretmanager_v1beta1.UpdateSecretRequest(
    )
    # Make the request
    response = client.update_secret(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.secretmanager_v1beta1.types.UpdateSecretRequest, dict]The request object. Request message for SecretManagerService.UpdateSecret. | 
| secret | google.cloud.secretmanager_v1beta1.types.SecretRequired. Secret with updated field values. This corresponds to the  | 
| update_mask | google.protobuf.field_mask_pb2.FieldMaskRequired. Specifies the fields to be updated. This corresponds to the  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, str]]Strings which should be sent along with the request as metadata. | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.secretmanager_v1beta1.types.Secret | A Secret is a logical secret whose value and versions can be accessed. A Secret is made up of zero or more SecretVersions that represent the secret data. |