In Secret Manager, a secret is a wrapper around a collection of secret versions. The secret stores metadata such as labels and replication, but it does not contain the actual secret. This topic describes how you can list all the secrets and view a secret's metadata. You can also list secret versions and view the details of each version.
Before you begin
-
Listing secrets requires the Secret Manager Viewer role (
roles/secretmanager.viewer
) on the secret, project, folder, or organization. Viewing a secret's metadata requires the Secret Manager Viewer role (
roles/secretmanager.viewer
) on the secret, project, folder, or organization.
List secrets
These examples show how to list all the secrets that you have permission to view in the project.
Console
-
Go to the Secret Manager page in the Google Cloud console.
-
This page displays the list of secrets in the project.
gcloud
To use Secret Manager on the command line, first Install or upgrade to version 378.0.0 or higher of the Google Cloud CLI. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
$ gcloud secrets list
C#
To run this code, first set up a C# development environment and install the Secret Manager C# SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Go
To run this code, first set up a Go development environment and install the Secret Manager Go SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Java
To run this code, first set up a Java development environment and install the Secret Manager Java SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Node.js
To run this code, first set up a Node.js development environment and install the Secret Manager Node.js SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
PHP
To run this code, first learn about using PHP on Google Cloud and install the Secret Manager PHP SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Python
To run this code, first set up a Python development environment and install the Secret Manager Python SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Ruby
To run this code, first set up a Ruby development environment and install the Secret Manager Ruby SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
API
These examples use curl to demonstrate using the API. You can generate access tokens with gcloud auth print-access-token. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
$ curl "https://secretmanager.googleapis.com/v1/projects/project-id/secrets" \
--request "GET" \
--header "authorization: Bearer $(gcloud auth print-access-token)" \
--header "content-type: application/json"
View secret details
These examples show how to get details about a secret by viewing its metadata.
Console
-
Go to the Secret Manager page in the Google Cloud console.
-
On the Secret Manager page, click on the name of a secret to describe.
-
The Secret detail page lists information about the secret.
gcloud
To use Secret Manager on the command line, first Install or upgrade to version 378.0.0 or higher of the Google Cloud CLI. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
$ gcloud secrets describe secret-id
C#
To run this code, first set up a C# development environment and install the Secret Manager C# SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Go
To run this code, first set up a Go development environment and install the Secret Manager Go SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Java
To run this code, first set up a Java development environment and install the Secret Manager Java SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Node.js
To run this code, first set up a Node.js development environment and install the Secret Manager Node.js SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
PHP
To run this code, first learn about using PHP on Google Cloud and install the Secret Manager PHP SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Python
To run this code, first set up a Python development environment and install the Secret Manager Python SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
Ruby
To run this code, first set up a Ruby development environment and install the Secret Manager Ruby SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
API
These examples use curl to demonstrate using the API. You can generate access tokens with gcloud auth print-access-token. On Compute Engine or GKE, you must authenticate with the cloud-platform scope.
$ curl "https://secretmanager.googleapis.com/v1/projects/project-id/secrets/secret-id" \
--request "GET" \
--header "authorization: Bearer $(gcloud auth print-access-token)" \
--header "content-type: application/json"
For information about granting roles to users, see Access control with IAM.
What's next
- Learn how to edit secrets.
- Learn how to set up rotation schedules for secrets.
- Learn how to set up notifications on a secret.