A Secret Manager Secret in Google Cloud is a secure resource used to store, manage, and access sensitive information such as API keys, passwords, or certificates. It provides centralized secret management with fine-grained access control, automatic replication, and audit logging. This helps ensure that applications can safely retrieve secrets without embedding them in code or configuration files.
Fields
| ID | Type | Data Type | Description |
|---|---|---|---|
| _key | core | string | |
| ancestors | core | array<string> | |
| annotations | core | hstore | Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB. |
| create_time | core | timestamp | Output only. The time at which the Secret was created. |
| customer_managed_encryption | core | json | Optional. The customer-managed encryption configuration of the regionalized secrets. If no configuration is provided, Google-managed default encryption is used. Updates to the Secret encryption configuration only apply to SecretVersions added afterwards. They do not apply retroactively to existing SecretVersions. |
| datadog_display_name | core | string | |
| etag | core | string | Optional. Etag of the currently stored Secret. |
| expire_time | core | timestamp | Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. |
| labels | core | array<string> | The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}`. Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`. No more than 64 labels can be assigned to a given resource. |
| name | core | string | Output only. The resource name of the Secret in the format `projects/*/secrets/*`. |
| organization_id | core | string | |
| parent | core | string | |
| project_id | core | string | |
| project_number | core | string | |
| replication | core | json | Optional. Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created. |
| resource_name | core | string | |
| rotation | core | json | Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy. |
| tags | core | hstore | |
| topics | core | json | Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. |
| ttl | core | string | Input only. The TTL for the Secret. |
| version_destroy_ttl | core | string | Optional. Secret version TTL after a destruction request. This is part of the delayed secret version destroy feature. For a secret with TTL>0, version destruction doesn't happen immediately on calling destroy; instead, the version goes to a disabled state and destruction happens after the TTL expires. |