Google Cloud Secret Manager API client library for Python that stores, manages, and secures access to application secrets
npx @tessl/cli install tessl/pypi-google-cloud-secret-manager@2.24.00
# Google Cloud Secret Manager

Google Cloud Secret Manager API client library for Python that stores, manages, and secures access to application secrets. This comprehensive client provides both synchronous and asynchronous APIs for creating, storing, accessing, and managing secrets and their versions with built-in IAM integration, encryption options, and audit capabilities.

## Package Information

- **Package Name**: google-cloud-secret-manager
- **Language**: Python
- **Installation**: `pip install google-cloud-secret-manager`

## Core Imports

```python
from google.cloud import secretmanager
```

Specific client imports:

```python
from google.cloud.secretmanager import SecretManagerServiceClient
from google.cloud.secretmanager import SecretManagerServiceAsyncClient
```

Type imports:

```python
from google.cloud.secretmanager import Secret, SecretVersion, SecretPayload
from google.cloud.secretmanager import CreateSecretRequest, AddSecretVersionRequest
from google.cloud.secretmanager import Replication, CustomerManagedEncryption
from google.cloud.secretmanager import Topic, Rotation
```

Advanced imports for enterprise features:

```python
# For IAM operations
from google.iam.v1 import iam_policy_pb2, policy_pb2

# For async operations
from google.cloud.secretmanager import SecretManagerServiceAsyncClient

# For pagination (the pager classes live in the versioned service package,
# not in the top-level google.cloud.secretmanager namespace)
from google.cloud.secretmanager_v1.services.secret_manager_service.pagers import (
    ListSecretsPager,
    ListSecretsAsyncPager,
)

# For location operations
from google.cloud.location import locations_pb2

# For field masks (updates)
from google.protobuf import field_mask_pb2
```

## Basic Usage

```python
from google.cloud import secretmanager

# Initialize the client
client = secretmanager.SecretManagerServiceClient()

# Project path
project_id = "your-project-id"
parent = f"projects/{project_id}"

# Create a secret
secret_id = "my-secret"
secret = secretmanager.Secret()
secret.replication = secretmanager.Replication()
secret.replication.automatic = secretmanager.Replication.Automatic()

create_secret_request = secretmanager.CreateSecretRequest()
create_secret_request.parent = parent
create_secret_request.secret_id = secret_id
create_secret_request.secret = secret

response = client.create_secret(request=create_secret_request)
print(f"Created secret: {response.name}")

# Add a secret version with data
secret_name = response.name
payload = secretmanager.SecretPayload()
payload.data = b"my-secret-data"

add_version_request = secretmanager.AddSecretVersionRequest()
add_version_request.parent = secret_name
add_version_request.payload = payload

version_response = client.add_secret_version(request=add_version_request)
print(f"Added secret version: {version_response.name}")

# Access the secret data
access_request = secretmanager.AccessSecretVersionRequest()
access_request.name = version_response.name

access_response = client.access_secret_version(request=access_request)
data = access_response.payload.data.decode('utf-8')
# Demonstration only: do not print or log secret values in real code
print(f"Secret data: {data}")
```

## Architecture

Google Cloud Secret Manager client follows Google API design patterns:

- **Client Classes**: Synchronous (`SecretManagerServiceClient`) and asynchronous (`SecretManagerServiceAsyncClient`) clients providing identical APIs
- **Request/Response Pattern**: All API operations use structured request objects and return response objects
- **Resource Hierarchy**: Secrets belong to projects, secret versions belong to secrets
- **Transport Layer**: Supports gRPC and REST protocols with automatic retries and authentication
- **Type Safety**: Proto-based message types ensure type safety and schema validation

## Capabilities

### Secret Management

Core secret lifecycle operations including creating secrets with replication policies, retrieving secret metadata, updating configurations, and deleting secrets. Provides complete CRUD operations for secret resources.

```python { .api }
def create_secret(self, request: CreateSecretRequest = None, **kwargs) -> Secret: ...
def get_secret(self, request: GetSecretRequest = None, **kwargs) -> Secret: ...
def update_secret(self, request: UpdateSecretRequest = None, **kwargs) -> Secret: ...
def delete_secret(self, request: DeleteSecretRequest = None, **kwargs) -> None: ...
def list_secrets(self, request: ListSecretsRequest = None, **kwargs) -> ListSecretsPager: ...
```

[Secret Management](./secret-management.md)

### Secret Version Management

Managing secret versions and accessing secret data, including adding new versions, retrieving version metadata, accessing secret payloads, and controlling version lifecycle states (enabled/disabled/destroyed).

```python { .api }
def add_secret_version(self, request: AddSecretVersionRequest = None, **kwargs) -> SecretVersion: ...
def get_secret_version(self, request: GetSecretVersionRequest = None, **kwargs) -> SecretVersion: ...
def access_secret_version(self, request: AccessSecretVersionRequest = None, **kwargs) -> AccessSecretVersionResponse: ...
def list_secret_versions(self, request: ListSecretVersionsRequest = None, **kwargs) -> ListSecretVersionsPager: ...
def enable_secret_version(self, request: EnableSecretVersionRequest = None, **kwargs) -> SecretVersion: ...
def disable_secret_version(self, request: DisableSecretVersionRequest = None, **kwargs) -> SecretVersion: ...
def destroy_secret_version(self, request: DestroySecretVersionRequest = None, **kwargs) -> SecretVersion: ...
```

[Secret Version Management](./secret-version-management.md)

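The version lifecycle described above, put to work as a rotation routine. This is an added example, not part of the package documentation: `rotate_secret` is a hypothetical helper, requests are passed in dict form, and the resource name and `NEW_SECRET_VALUE` environment variable in the `__main__` section are placeholders.

```python
import os


def rotate_secret(client, secret_name, new_value: bytes):
    """Add a new version, confirm it reads back, then disable older enabled ones.

    Older versions are disabled rather than destroyed, so a bad rotation can be
    rolled back with enable_secret_version. Returns (new_version_name, disabled).
    """
    new = client.add_secret_version(
        request={"parent": secret_name, "payload": {"data": new_value}}
    )
    # Read back by the pinned version name, not ".../versions/latest", so the
    # check cannot pass against some other version.
    got = client.access_secret_version(request={"name": new.name})
    if got.payload.data != new_value:
        raise RuntimeError(f"read-back mismatch for {new.name}; nothing disabled")

    # Collect first, then disable, so the listing is not changed mid-iteration.
    stale = [
        v.name
        for v in client.list_secret_versions(request={"parent": secret_name})
        if v.name != new.name and v.state.name == "ENABLED"
    ]
    for name in stale:
        client.disable_secret_version(request={"name": name})
    return new.name, stale


if __name__ == "__main__":
    # Requires google-cloud-secret-manager and application default credentials.
    from google.cloud import secretmanager

    name = "projects/your-project-id/secrets/my-secret"  # placeholder resource
    value = os.environ["NEW_SECRET_VALUE"].encode()  # hypothetical variable
    new_name, disabled = rotate_secret(
        secretmanager.SecretManagerServiceClient(), name, value
    )
    # Report names and counts only, never the secret value itself.
    print(f"active: {new_name}; disabled: {len(disabled)}")
```
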
### IAM and Security

Identity and Access Management operations for controlling access to secrets, including setting IAM policies, retrieving current policies, and testing permissions. Provides fine-grained access control integration.

```python { .api }
def set_iam_policy(self, request: SetIamPolicyRequest = None, **kwargs) -> Policy: ...
def get_iam_policy(self, request: GetIamPolicyRequest = None, **kwargs) -> Policy: ...
def test_iam_permissions(self, request: TestIamPermissionsRequest = None, **kwargs) -> TestIamPermissionsResponse: ...
```

[IAM and Security](./iam-security.md)

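One way to use `get_iam_policy` and `set_iam_policy` for per-secret least privilege, plus a check for publicly exposed secrets. This is an added example, not part of the package documentation: `grant_accessor` and `public_bindings` are hypothetical helpers, requests are passed in dict form, and the resource and member names in the `__main__` section are placeholders.

```python
ACCESSOR_ROLE = "roles/secretmanager.secretAccessor"
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def grant_accessor(client, secret_name, member):
    """Idempotently grant `member` read access to one secret, not the project.

    Returns True if the policy was changed, False if the grant already existed.
    """
    if member in PUBLIC_MEMBERS:
        raise ValueError(f"refusing to grant {ACCESSOR_ROLE} to {member}")
    # Read-modify-write: the fetched policy carries an etag, so a concurrent
    # change makes set_iam_policy fail instead of being silently overwritten.
    policy = client.get_iam_policy(request={"resource": secret_name})
    for binding in policy.bindings:
        # Only reuse an unconditional binding for the same role.
        if binding.role == ACCESSOR_ROLE and not binding.condition.expression:
            if member in binding.members:
                return False
            binding.members.append(member)
            break
    else:
        policy.bindings.add(role=ACCESSOR_ROLE, members=[member])
    client.set_iam_policy(request={"resource": secret_name, "policy": policy})
    return True


def public_bindings(client, secret_name):
    """Return (role, member) pairs that expose the secret to public principals."""
    policy = client.get_iam_policy(request={"resource": secret_name})
    return [(b.role, m) for b in policy.bindings
            for m in b.members if m in PUBLIC_MEMBERS]


if __name__ == "__main__":
    # Requires google-cloud-secret-manager and application default credentials.
    from google.cloud import secretmanager

    client = secretmanager.SecretManagerServiceClient()
    name = "projects/your-project-id/secrets/my-secret"  # placeholder resource
    member = "serviceAccount:app@your-project-id.iam.gserviceaccount.com"  # placeholder
    print("changed:", grant_accessor(client, name, member))
    print("public:", public_bindings(client, name))
```
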
### Data Types and Models

Core data structures including Secret, SecretVersion, SecretPayload, replication configurations, encryption settings, and all request/response types used throughout the API.

```python { .api }
class Secret: ...
class SecretVersion: ...
class SecretPayload: ...
class Replication: ...
class CustomerManagedEncryption: ...
```

[Data Types and Models](./data-types.md)

## Error Handling

The client uses Google API Core exceptions:

```python
from google.api_core import exceptions
from google.cloud import secretmanager

client = secretmanager.SecretManagerServiceClient()
get_request = secretmanager.GetSecretRequest(name="projects/your-project-id/secrets/my-secret")

try:
    secret = client.get_secret(request=get_request)
except exceptions.NotFound:
    print("Secret not found")
except exceptions.PermissionDenied:
    # The caller lacks the IAM permission required for this call
    print("Access denied")
except exceptions.InvalidArgument as e:
    print(f"Invalid argument: {e}")
```

## Async Usage

```python
import asyncio
from google.cloud.secretmanager import ListSecretsRequest, SecretManagerServiceAsyncClient

async def manage_secrets():
    list_request = ListSecretsRequest(parent="projects/your-project-id")
    async with SecretManagerServiceAsyncClient() as client:
        # All methods are async versions of the synchronous client's methods
        secrets = []
        async for secret in await client.list_secrets(request=list_request):
            secrets.append(secret)
        return secrets

# Run async function
secrets = asyncio.run(manage_secrets())
```