versions
Creates, updates, deletes, gets or lists a versions resource.
Overview
| Name | versions |
| Type | Resource |
| Id | google.secretmanager.versions |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. The resource name of the SecretVersion in the format projects/*/secrets/*/versions/*. SecretVersion IDs in a Secret start at 1 and are incremented for each subsequent version of the secret. |
clientSpecifiedPayloadChecksum | boolean | Output only. True if payload checksum specified in SecretPayload object has been received by SecretManagerService on SecretManagerService.AddSecretVersion. |
createTime | string (google-datetime) | Output only. The time at which the SecretVersion was created. |
customerManagedEncryption | object | Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used and Secret is a regionalized secret. (id: CustomerManagedEncryptionStatus) |
destroyTime | string (google-datetime) | Output only. The time this SecretVersion was destroyed. Only present if state is DESTROYED. |
etag | string | Output only. Etag of the currently stored SecretVersion. |
replicationStatus | object | The replication status of the SecretVersion. (id: ReplicationStatus) |
scheduledDestroyTime | string (google-datetime) | Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, version is moved to disabled state and it is scheduled for destruction Version is destroyed only after the scheduled_destroy_time. |
state | string | Output only. The current state of the SecretVersion. |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. The resource name of the SecretVersion in the format projects/*/secrets/*/versions/*. SecretVersion IDs in a Secret start at 1 and are incremented for each subsequent version of the secret. |
clientSpecifiedPayloadChecksum | boolean | Output only. True if payload checksum specified in SecretPayload object has been received by SecretManagerService on SecretManagerService.AddSecretVersion. |
createTime | string (google-datetime) | Output only. The time at which the SecretVersion was created. |
customerManagedEncryption | object | Output only. The customer-managed encryption status of the SecretVersion. Only populated if customer-managed encryption is used and Secret is a regionalized secret. (id: CustomerManagedEncryptionStatus) |
destroyTime | string (google-datetime) | Output only. The time this SecretVersion was destroyed. Only present if state is DESTROYED. |
etag | string | Output only. Etag of the currently stored SecretVersion. |
replicationStatus | object | The replication status of the SecretVersion. (id: ReplicationStatus) |
scheduledDestroyTime | string (google-datetime) | Optional. Output only. Scheduled destroy time for secret version. This is a part of the Delayed secret version destroy feature. For a Secret with a valid version destroy TTL, when a secert version is destroyed, version is moved to disabled state and it is scheduled for destruction Version is destroyed only after the scheduled_destroy_time. |
state | string | Output only. The current state of the SecretVersion. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | projectsId, secretsId, versionsId | Gets metadata for a SecretVersion. projects/*/secrets/*/versions/latest is an alias to the most recently created SecretVersion. | |
list | select | projectsId, secretsId | pageSize, pageToken, filter | Lists SecretVersions. This call does not return secret data. |
destroy | delete | projectsId, secretsId, versionsId | Destroys a SecretVersion. Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data. | |
access | exec | projectsId, secretsId, versionsId | Accesses a SecretVersion. This call returns the secret data. projects/*/secrets/*/versions/latest is an alias to the most recently created SecretVersion. | |
disable | exec | projectsId, secretsId, versionsId | Disables a SecretVersion. Sets the state of the SecretVersion to DISABLED. | |
enable | exec | projectsId, secretsId, versionsId | Enables a SecretVersion. Sets the state of the SecretVersion to ENABLED. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
projectsId | string | |
secretsId | string | |
versionsId | string | |
filter | string | |
pageSize | integer (int32) | |
pageToken | string |
SELECT examples
- get
- list
Gets metadata for a SecretVersion. projects/*/secrets/*/versions/latest is an alias to the most recently created SecretVersion.
SELECT
name,
clientSpecifiedPayloadChecksum,
createTime,
customerManagedEncryption,
destroyTime,
etag,
replicationStatus,
scheduledDestroyTime,
state
FROM google.secretmanager.versions
WHERE projectsId = '{{ projectsId }}' -- required
AND secretsId = '{{ secretsId }}' -- required
AND versionsId = '{{ versionsId }}' -- required;
Lists SecretVersions. This call does not return secret data.
SELECT
name,
clientSpecifiedPayloadChecksum,
createTime,
customerManagedEncryption,
destroyTime,
etag,
replicationStatus,
scheduledDestroyTime,
state
FROM google.secretmanager.versions
WHERE projectsId = '{{ projectsId }}' -- required
AND secretsId = '{{ secretsId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND filter = '{{ filter }}';
DELETE examples
- destroy
Destroys a SecretVersion. Sets the state of the SecretVersion to DESTROYED and irrevocably destroys the secret data.
DELETE FROM google.secretmanager.versions
WHERE projectsId = '{{ projectsId }}' --required
AND secretsId = '{{ secretsId }}' --required
AND versionsId = '{{ versionsId }}' --required;
Lifecycle Methods
- access
- disable
- enable
Accesses a SecretVersion. This call returns the secret data. projects/*/secrets/*/versions/latest is an alias to the most recently created SecretVersion.
EXEC google.secretmanager.versions.access
@projectsId='{{ projectsId }}' --required,
@secretsId='{{ secretsId }}' --required,
@versionsId='{{ versionsId }}' --required;
Disables a SecretVersion. Sets the state of the SecretVersion to DISABLED.
EXEC google.secretmanager.versions.disable
@projectsId='{{ projectsId }}' --required,
@secretsId='{{ secretsId }}' --required,
@versionsId='{{ versionsId }}' --required
@@json=
'{
"etag": "{{ etag }}"
}';
Enables a SecretVersion. Sets the state of the SecretVersion to ENABLED.
EXEC google.secretmanager.versions.enable
@projectsId='{{ projectsId }}' --required,
@secretsId='{{ secretsId }}' --required,
@versionsId='{{ versionsId }}' --required
@@json=
'{
"etag": "{{ etag }}"
}';