google_cloud_secret_manager_create_add_version_retrieve.py

1# Import the Secret Manager client library.
2from google.cloud import secretmanager
3
4def quickstart(project_id: str, secret_id: str, payload: str) -> None:
5    """
6    Create a new secret with the given name and insert a new secret version.
7    """
8
9    # Create the Secret Manager client.
10    client = secretmanager.SecretManagerServiceClient()
11
12    # Build the resource name of the parent project.
13    parent = f"projects/{project_id}"
14
15    # Create the secret.
16    secret = client.create_secret(
17        request={
18            "parent": parent,
19            "secret_id": secret_id,
20            "secret": {"replication": {"automatic": {}}},
21        }
22    )
23
24    print(f"Created secret: {secret.name}")
25
26    # Add the secret version.
27    version = client.add_secret_version(
28        request={"parent": secret.name, "payload": {"data": payload.encode("UTF-8")}}
29    )
30
31    print(f"Added secret version: {version.name}")
32
33    # Access the secret version.
34    response = client.access_secret_version(request={"name": version.name})
35
36    # Print the secret payload.
37    #
38    # WARNING: Do not print the secret in a production environment - this
39    # snippet is showing how to access the secret material.
40    payload = response.payload.data.decode("UTF-8")
41    print(f"Plaintext: {payload}")