Google Cloud Secret Manager API

The Secret Manager API enables creating, managing, and accessing secrets and their versions, providing secure storage for sensitive configuration data and credentials.

OpenAPI Specification

# OpenAPI 3.1 document describing the Secret Manager REST operations listed
# under `paths`.
openapi: '3.1.0'
info:
  title: Google Cloud Secret Manager API
  version: '1.0.0'
  description: >-
    The Secret Manager API enables creating, managing, and accessing secrets
    and their versions, providing secure storage for sensitive configuration
    data and credentials.
  contact:
    name: Google Cloud
    url: 'https://cloud.google.com/secret-manager'
# One server entry. The base URL is HTTPS, so OAuth tokens and secret payloads
# travel over TLS; generated clients should not be repointed at a plain-HTTP
# base URL.
servers:
  - url: 'https://secretmanager.googleapis.com/v1'
    description: Google Cloud Secret Manager Production
paths:
  # Collection endpoint: list the secrets of a project, or create a new one.
  # Both operations exchange the Secret schema, which has no payload field, so
  # only metadata is carried here.
  '/projects/{projectId}/secrets':
    get:
      operationId: listSecrets
      tags:
        - Secrets
      summary: Google Cloud Secret Manager List secrets
      description: Lists secrets in a project.
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        # Paging controls; both are optional in this spec.
        - name: pageSize
          in: query
          schema:
            type: integer
        - name: pageToken
          in: query
          schema:
            type: string
        # Free-form filter string; its grammar is not described in this spec.
        - name: filter
          in: query
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  # Names and labels are returned to every caller allowed to
                  # list, so they should not themselves contain sensitive
                  # values.
                  secrets:
                    type: array
                    items:
                      $ref: '#/components/schemas/Secret'
                  nextPageToken:
                    type: string
                  totalSize:
                    type: integer
    post:
      operationId: createSecret
      tags:
        - Secrets
      summary: Google Cloud Secret Manager Create a secret
      description: Creates a new secret in a project.
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        # The identifier of the new secret is passed in the query string, not
        # in the request body.
        - name: secretId
          in: query
          required: true
          schema:
            type: string
      # The body is Secret metadata (replication, labels, expiry, ...). Secret
      # data is uploaded separately through the :addVersion operation.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Secret'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Secret'
  # Single-secret endpoint: read, update, or delete one secret's metadata.
  '/projects/{projectId}/secrets/{secretId}':
    get:
      operationId: getSecret
      tags:
        - Secrets
      summary: Google Cloud Secret Manager Get a secret
      description: Retrieves metadata about a secret.
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        - name: secretId
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Secret'
    patch:
      operationId: updateSecret
      tags:
        - Secrets
      summary: Google Cloud Secret Manager Update a secret
      description: Updates metadata of a secret.
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        - name: secretId
          in: path
          required: true
          schema:
            type: string
        # NOTE(review): updateMask is optional here, and the spec does not say
        # which fields a PATCH without a mask overwrites. Confirm against the
        # upstream API reference whether it should be `required: true`.
        - name: updateMask
          in: query
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Secret'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Secret'
    # Destructive: per the description this removes the secret together with
    # every version. No response schema is declared for the 200 response.
    delete:
      operationId: deleteSecret
      tags:
        - Secrets
      summary: Google Cloud Secret Manager Delete a secret
      description: Deletes a secret and all of its versions.
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        - name: secretId
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful response
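  # Uploads secret data as a new version of an existing secret. This is the
  # only operation in this spec whose request body carries secret material.
  '/projects/{projectId}/secrets/{secretId}:addVersion':
    post:
      operationId: addSecretVersion
      summary: Google Cloud Secret Manager Add a secret version
      description: Creates a new secret version containing secret data.
      tags:
        - Secret Versions
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        - name: secretId
          in: path
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                payload:
                  type: object
                  properties:
                    # Base64 is an encoding, not encryption: this request body
                    # must be treated as the secret in clear text and kept out
                    # of request logs and traces.
                    data:
                      type: string
                      contentEncoding: base64
                      description: Base64-encoded secret data.
                    # Same field as in the :access response payload. Sending
                    # it is what the SecretVersion field
                    # clientSpecifiedPayloadChecksum reports on.
                    dataCrc32c:
                      type: string
                      format: int64
                      description: >-
                        Optional CRC32C checksum of the secret data, sent as a
                        decimal string so that the service can detect a
                        payload corrupted in transit.
              required:
                - payload
      responses:
        # The response is SecretVersion metadata; the uploaded data is not
        # echoed back.
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretVersion'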
  # Lists the versions of one secret. Items are SecretVersion metadata (state,
  # timestamps, etag); the payload is not part of that schema.
  '/projects/{projectId}/secrets/{secretId}/versions':
    get:
      operationId: listSecretVersions
      tags:
        - Secret Versions
      summary: Google Cloud Secret Manager List secret versions
      description: Lists secret versions for a secret.
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        - name: secretId
          in: path
          required: true
          schema:
            type: string
        # Paging controls; both are optional in this spec.
        - name: pageSize
          in: query
          schema:
            type: integer
        - name: pageToken
          in: query
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  versions:
                    type: array
                    items:
                      $ref: '#/components/schemas/SecretVersion'
                  nextPageToken:
                    type: string
                  totalSize:
                    type: integer
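  # The only operation in this spec that returns secret material. Permission
  # to call it should be granted per secret to the workloads that need the
  # value, separately from the metadata and management operations.
  # NOTE(review): reads are data-access events; confirm that Data Access audit
  # logging is enabled for this API so that every access is recorded.
  '/projects/{projectId}/secrets/{secretId}/versions/{versionId}:access':
    get:
      operationId: accessSecretVersion
      summary: Google Cloud Secret Manager Access a secret version
      description: Accesses a secret version's data.
      tags:
        - Secret Versions
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        - name: secretId
          in: path
          required: true
          schema:
            type: string
        - name: versionId
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                properties:
                  name:
                    type: string
                    description: Resource name of the secret version.
                  payload:
                    type: object
                    properties:
                      # Base64 is an encoding, not encryption: the response
                      # body is the secret in clear text. Keep it out of
                      # logs, traces, and HTTP caches.
                      data:
                        type: string
                        contentEncoding: base64
                        description: Base64-encoded secret data.
                      # CRC32C detects accidental corruption only. It is not
                      # a MAC and gives no authenticity guarantee beyond what
                      # TLS already provides.
                      dataCrc32c:
                        type: string
                        format: int64
                        description: >-
                          CRC32C checksum of the secret data, as a decimal
                          string. Clients should recompute it over the decoded
                          data and reject the payload on mismatch.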
  # Destructive: per the description the version's data becomes inaccessible.
  # The response is the SecretVersion metadata.
  '/projects/{projectId}/secrets/{secretId}/versions/{versionId}:destroy':
    post:
      operationId: destroySecretVersion
      tags:
        - Secret Versions
      summary: Google Cloud Secret Manager Destroy a secret version
      description: Destroys a secret version, making the data inaccessible.
      parameters:
        - name: projectId
          in: path
          required: true
          schema:
            type: string
        - name: secretId
          in: path
          required: true
          schema:
            type: string
        - name: versionId
          in: path
          required: true
          schema:
            type: string
      # The body is optional in this spec. Passing the etag from a previous
      # read presumably makes the call fail if the version changed in between
      # (SecretVersion.etag is described as optimistic concurrency control);
      # verify against the upstream reference.
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                etag:
                  type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretVersion'
components:
  schemas:
    # Metadata container for a secret. It holds no payload field: secret data
    # lives in versions and is returned only by the :access operation.
    Secret:
      type: object
      properties:
        name:
          type: string
          description: Resource name of the secret.
        # Exactly how the two replication modes interact is not stated in this
        # spec. Both may carry a customer-managed KMS key name.
        replication:
          type: object
          description: Replication policy of the secret.
          properties:
            automatic:
              type: object
              properties:
                customerManagedEncryption:
                  type: object
                  properties:
                    # Name of a KMS key. Whoever controls that key presumably
                    # controls access to the stored data; confirm.
                    kmsKeyName:
                      type: string
            userManaged:
              type: object
              properties:
                replicas:
                  type: array
                  items:
                    type: object
                    properties:
                      location:
                        type: string
                      customerManagedEncryption:
                        type: object
                        properties:
                          kmsKeyName:
                            type: string
        createTime:
          type: string
          format: date-time
          description: Timestamp when the secret was created.
        # Labels are returned by the list and get operations, so they should
        # not hold sensitive values.
        labels:
          type: object
          description: Labels attached to the secret.
          additionalProperties:
            type: string
        # Subscribers of these topics learn about secret lifecycle events;
        # topic access should be reviewed together with secret access.
        topics:
          type: array
          description: Pub/Sub topics for secret notifications.
          items:
            type: object
            properties:
              name:
                type: string
        expireTime:
          type: string
          format: date-time
          description: Timestamp when the secret expires.
        ttl:
          type: string
          description: Time-to-live duration for the secret.
        etag:
          type: string
          description: Entity tag for optimistic concurrency control.
        # NOTE(review): these fields describe a rotation schedule only. Whether
        # the service replaces the secret value itself or merely notifies
        # subscribers is not stated here; confirm before relying on it.
        rotation:
          type: object
          properties:
            nextRotationTime:
              type: string
              format: date-time
            rotationPeriod:
              type: string
        # An alias can be repointed at another version number, so consumers
        # that resolve by alias follow whoever may update this mapping.
        versionAliases:
          type: object
          description: Mapping of version aliases to version numbers.
          additionalProperties:
            type: string
    # Metadata of one version of a secret. The payload is not part of this
    # schema.
    SecretVersion:
      type: object
      properties:
        name:
          type: string
          description: Resource name of the secret version.
        createTime:
          type: string
          format: date-time
          description: Timestamp when the version was created.
        destroyTime:
          type: string
          format: date-time
          description: Timestamp when the version was destroyed.
        # Lifecycle state. This spec does not say which states permit :access;
        # verify before treating DISABLED as a revocation control.
        state:
          type: string
          description: Current state of the secret version.
          enum:
            - STATE_UNSPECIFIED
            - ENABLED
            - DISABLED
            - DESTROYED
        etag:
          type: string
          description: Entity tag for optimistic concurrency control.
        replicationStatus:
          type: object
          description: Replication status of the secret version.
        # False means the upload carried no client checksum, so the service
        # had nothing to compare the received payload against.
        clientSpecifiedPayloadChecksum:
          type: boolean
          description: Whether client specified a payload checksum.
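  securitySchemes:
    # OAuth 2.0 authorization-code flow against Google's endpoints.
    oauth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://accounts.google.com/o/oauth2/auth
          tokenUrl: https://oauth2.googleapis.com/token
          scopes:
            # This is the only scope declared, and it is not specific to
            # Secret Manager. Least privilege therefore has to come from the
            # permissions granted to the calling identity, not from the scope.
            'https://www.googleapis.com/auth/cloud-platform': Full access to Google Cloud
# A scheme defined under components has no effect until a security requirement
# references it. Without this block every operation above is described as
# callable without credentials, and generated clients and API scanners take
# that description at face value.
security:
  - oauth2:
      - 'https://www.googleapis.com/auth/cloud-platform'
tags:
  - name: Secret Versions
  - name: Secrets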