Google Git
Sign in
code / google-api-go-client / 5d37cb767971b537d893709b0284f1578de05733 / . / secretmanager / v1beta1 / secretmanager-api.json
blob: a9add7ef0d2ba2f7b59ad73a006c5c5317b4d38e [file] [log] [blame]
{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
}
}
}
},
"basePath": "",
"baseUrl": "https://secretmanager.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Secret Manager",
"description": "Stores sensitive data such as API keys, passwords, and certificates. Provides convenience while improving security.\n",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/secret-manager/",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "secretmanager:v1beta1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://secretmanager.mtls.googleapis.com/",
"name": "secretmanager",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"projects": {
"resources": {
"locations": {
"methods": {
"get": {
"description": "Gets information about a location.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}",
"httpMethod": "GET",
"id": "secretmanager.projects.locations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Resource name for the location.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}",
"response": {
"$ref": "Location"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "Lists information about the supported locations for this service.",
"flatPath": "v1beta1/projects/{projectsId}/locations",
"httpMethod": "GET",
"id": "secretmanager.projects.locations.list",
"parameterOrder": [
"name"
],
"parameters": {
"filter": {
"description": "The standard list filter.",
"location": "query",
"type": "string"
},
"name": {
"description": "The resource that owns the locations collection, if applicable.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
},
"pageSize": {
"description": "The standard list page size.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "The standard list page token.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/{+name}/locations",
"response": {
"$ref": "ListLocationsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
"secrets": {
"methods": {
"addVersion": {
"description": "Creates a new SecretVersion containing secret data and attaches\nit to an existing Secret.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}:addVersion",
"httpMethod": "POST",
"id": "secretmanager.projects.secrets.addVersion",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. The resource name of the Secret to associate with the\nSecretVersion in the format `projects/*/secrets/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+parent}:addVersion",
"request": {
"$ref": "AddSecretVersionRequest"
},
"response": {
"$ref": "SecretVersion"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"create": {
"description": "Creates a new Secret containing no SecretVersions.",
"flatPath": "v1beta1/projects/{projectsId}/secrets",
"httpMethod": "POST",
"id": "secretmanager.projects.secrets.create",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. The resource name of the project to associate with the\nSecret, in the format `projects/*`.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
},
"secretId": {
"description": "Required. This must be unique within the project.\n\nA secret ID is a string with a maximum length of 255 characters and can\ncontain uppercase and lowercase letters, numerals, and the hyphen (`-`) and\nunderscore (`_`) characters.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/{+parent}/secrets",
"request": {
"$ref": "Secret"
},
"response": {
"$ref": "Secret"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Deletes a Secret.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}",
"httpMethod": "DELETE",
"id": "secretmanager.projects.secrets.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The resource name of the Secret to delete in the format\n`projects/*/secrets/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}",
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Gets metadata for a given Secret.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}",
"httpMethod": "GET",
"id": "secretmanager.projects.secrets.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The resource name of the Secret, in the format `projects/*/secrets/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}",
"response": {
"$ref": "Secret"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"getIamPolicy": {
"description": "Gets the access control policy for a secret.\nReturns empty policy if the secret exists and does not have a policy set.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}:getIamPolicy",
"httpMethod": "GET",
"id": "secretmanager.projects.secrets.getIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
},
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+resource}:getIamPolicy",
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "Lists Secrets.",
"flatPath": "v1beta1/projects/{projectsId}/secrets",
"httpMethod": "GET",
"id": "secretmanager.projects.secrets.list",
"parameterOrder": [
"parent"
],
"parameters": {
"pageSize": {
"description": "Optional. The maximum number of results to be returned in a single page. If\nset to 0, the server decides the number of results to return. If the\nnumber is greater than 25000, it is capped at 25000.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional. Pagination token, returned earlier via\nListSecretsResponse.next_page_token.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. The resource name of the project associated with the\nSecrets, in the format `projects/*`.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+parent}/secrets",
"response": {
"$ref": "ListSecretsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"patch": {
"description": "Updates metadata of an existing Secret.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}",
"httpMethod": "PATCH",
"id": "secretmanager.projects.secrets.patch",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Output only. The resource name of the Secret in the format `projects/*/secrets/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+$",
"required": true,
"type": "string"
},
"updateMask": {
"description": "Required. Specifies the fields to be updated.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/{+name}",
"request": {
"$ref": "Secret"
},
"response": {
"$ref": "Secret"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified secret. Replaces any\nexisting policy.\n\nPermissions on SecretVersions are enforced according\nto the policy set on the associated Secret.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}:setIamPolicy",
"httpMethod": "POST",
"id": "secretmanager.projects.secrets.setIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+resource}:setIamPolicy",
"request": {
"$ref": "SetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has for the specified secret.\nIf the secret does not exist, this call returns an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}:testIamPermissions",
"httpMethod": "POST",
"id": "secretmanager.projects.secrets.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
},
"resources": {
"versions": {
"methods": {
"access": {
"description": "Accesses a SecretVersion. This call returns the secret data.\n\n`projects/*/secrets/*/versions/latest` is an alias to the `latest`\nSecretVersion.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}/versions/{versionsId}:access",
"httpMethod": "GET",
"id": "secretmanager.projects.secrets.versions.access",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The resource name of the SecretVersion in the format\n`projects/*/secrets/*/versions/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+/versions/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}:access",
"response": {
"$ref": "AccessSecretVersionResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"destroy": {
"description": "Destroys a SecretVersion.\n\nSets the state of the SecretVersion to\nDESTROYED and irrevocably destroys the\nsecret data.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}/versions/{versionsId}:destroy",
"httpMethod": "POST",
"id": "secretmanager.projects.secrets.versions.destroy",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The resource name of the SecretVersion to destroy in the format\n`projects/*/secrets/*/versions/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+/versions/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}:destroy",
"request": {
"$ref": "DestroySecretVersionRequest"
},
"response": {
"$ref": "SecretVersion"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"disable": {
"description": "Disables a SecretVersion.\n\nSets the state of the SecretVersion to\nDISABLED.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}/versions/{versionsId}:disable",
"httpMethod": "POST",
"id": "secretmanager.projects.secrets.versions.disable",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The resource name of the SecretVersion to disable in the format\n`projects/*/secrets/*/versions/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+/versions/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}:disable",
"request": {
"$ref": "DisableSecretVersionRequest"
},
"response": {
"$ref": "SecretVersion"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"enable": {
"description": "Enables a SecretVersion.\n\nSets the state of the SecretVersion to\nENABLED.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}/versions/{versionsId}:enable",
"httpMethod": "POST",
"id": "secretmanager.projects.secrets.versions.enable",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The resource name of the SecretVersion to enable in the format\n`projects/*/secrets/*/versions/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+/versions/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}:enable",
"request": {
"$ref": "EnableSecretVersionRequest"
},
"response": {
"$ref": "SecretVersion"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Gets metadata for a SecretVersion.\n\n`projects/*/secrets/*/versions/latest` is an alias to the `latest`\nSecretVersion.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}/versions/{versionsId}",
"httpMethod": "GET",
"id": "secretmanager.projects.secrets.versions.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The resource name of the SecretVersion in the format\n`projects/*/secrets/*/versions/*`.\n`projects/*/secrets/*/versions/latest` is an alias to the `latest`\nSecretVersion.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+/versions/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}",
"response": {
"$ref": "SecretVersion"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "Lists SecretVersions. This call does not return secret\ndata.",
"flatPath": "v1beta1/projects/{projectsId}/secrets/{secretsId}/versions",
"httpMethod": "GET",
"id": "secretmanager.projects.secrets.versions.list",
"parameterOrder": [
"parent"
],
"parameters": {
"pageSize": {
"description": "Optional. The maximum number of results to be returned in a single page. If\nset to 0, the server decides the number of results to return. If the\nnumber is greater than 25000, it is capped at 25000.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional. Pagination token, returned earlier via\nListSecretVersionsResponse.next_page_token][].",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. The resource name of the Secret associated with the\nSecretVersions to list, in the format\n`projects/*/secrets/*`.",
"location": "path",
"pattern": "^projects/[^/]+/secrets/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+parent}/versions",
"response": {
"$ref": "ListSecretVersionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
}
}
}
}
},
"revision": "20200612",
"rootUrl": "https://secretmanager.googleapis.com/",
"schemas": {
"AccessSecretVersionResponse": {
"description": "Response message for SecretManagerService.AccessSecretVersion.",
"id": "AccessSecretVersionResponse",
"properties": {
"name": {
"description": "The resource name of the SecretVersion in the format\n`projects/*/secrets/*/versions/*`.",
"type": "string"
},
"payload": {
"$ref": "SecretPayload",
"description": "Secret payload"
}
},
"type": "object"
},
"AddSecretVersionRequest": {
"description": "Request message for SecretManagerService.AddSecretVersion.",
"id": "AddSecretVersionRequest",
"properties": {
"payload": {
"$ref": "SecretPayload",
"description": "Required. The secret payload of the SecretVersion."
}
},
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
"description": "The configuration for logging of each type of permission.",
"items": {
"$ref": "AuditLogConfig"
},
"type": "array"
},
"service": {
"description": "Specifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services.",
"type": "string"
}
},
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
"description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.",
"items": {
"type": "string"
},
"type": "array"
},
"logType": {
"description": "The log type that this config enables.",
"enum": [
"LOG_TYPE_UNSPECIFIED",
"ADMIN_READ",
"DATA_WRITE",
"DATA_READ"
],
"enumDescriptions": [
"Default case. Should never be this.",
"Admin reads. Example: CloudIAM getIamPolicy",
"Data writes. Example: CloudSQL Users create",
"Data reads. Example: CloudSQL Users list"
],
"type": "string"
}
},
"type": "object"
},
"Automatic": {
"description": "A replication policy that replicates the Secret payload without any\nrestrictions.",
"id": "Automatic",
"properties": {},
"type": "object"
},
"Binding": {
"description": "Associates `members` with a `role`.",
"id": "Binding",
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
"type": "array"
},
"role": {
"description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
"type": "string"
}
},
"type": "object"
},
"DestroySecretVersionRequest": {
"description": "Request message for SecretManagerService.DestroySecretVersion.",
"id": "DestroySecretVersionRequest",
"properties": {},
"type": "object"
},
"DisableSecretVersionRequest": {
"description": "Request message for SecretManagerService.DisableSecretVersion.",
"id": "DisableSecretVersionRequest",
"properties": {},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
"properties": {},
"type": "object"
},
"EnableSecretVersionRequest": {
"description": "Request message for SecretManagerService.EnableSecretVersion.",
"id": "EnableSecretVersionRequest",
"properties": {},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() \u003c 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' \u0026\u0026 document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"ListLocationsResponse": {
"description": "The response message for Locations.ListLocations.",
"id": "ListLocationsResponse",
"properties": {
"locations": {
"description": "A list of locations that matches the specified filter in the request.",
"items": {
"$ref": "Location"
},
"type": "array"
},
"nextPageToken": {
"description": "The standard List next-page token.",
"type": "string"
}
},
"type": "object"
},
"ListSecretVersionsResponse": {
"description": "Response message for SecretManagerService.ListSecretVersions.",
"id": "ListSecretVersionsResponse",
"properties": {
"nextPageToken": {
"description": "A token to retrieve the next page of results. Pass this value in\nListSecretVersionsRequest.page_token to retrieve the next page.",
"type": "string"
},
"totalSize": {
"description": "The total number of SecretVersions.",
"format": "int32",
"type": "integer"
},
"versions": {
"description": "The list of SecretVersions sorted in reverse by\ncreate_time (newest first).",
"items": {
"$ref": "SecretVersion"
},
"type": "array"
}
},
"type": "object"
},
"ListSecretsResponse": {
"description": "Response message for SecretManagerService.ListSecrets.",
"id": "ListSecretsResponse",
"properties": {
"nextPageToken": {
"description": "A token to retrieve the next page of results. Pass this value in\nListSecretsRequest.page_token to retrieve the next page.",
"type": "string"
},
"secrets": {
"description": "The list of Secrets sorted in reverse by create_time (newest\nfirst).",
"items": {
"$ref": "Secret"
},
"type": "array"
},
"totalSize": {
"description": "The total number of Secrets.",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"Location": {
"description": "A resource that represents Google Cloud Platform location.",
"id": "Location",
"properties": {
"displayName": {
"description": "The friendly name for this location, typically a nearby city name.\nFor example, \"Tokyo\".",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Cross-service attributes for the location. For example\n\n {\"cloud.googleapis.com/region\": \"us-east1\"}",
"type": "object"
},
"locationId": {
"description": "The canonical id for this location. For example: `\"us-east1\"`.",
"type": "string"
},
"metadata": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Service-specific metadata. For example the available capacity at the given\nlocation.",
"type": "object"
},
"name": {
"description": "Resource name for the location, which may vary between implementations.\nFor example: `\"projects/example-project/locations/us-east1\"`",
"type": "string"
}
},
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
"description": "Specifies cloud audit logging configuration for this policy.",
"items": {
"$ref": "AuditConfig"
},
"type": "array"
},
"bindings": {
"description": "Associates a list of `members` to a `role`. Optionally, may specify a\n`condition` that determines how and when the `bindings` are applied. Each\nof the `bindings` must contain at least one member.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"Replica": {
"description": "Represents a Replica for this Secret.",
"id": "Replica",
"properties": {
"location": {
"description": "The canonical IDs of the location to replicate data.\nFor example: `\"us-east1\"`.",
"type": "string"
}
},
"type": "object"
},
"Replication": {
"description": "A policy that defines the replication configuration of data.",
"id": "Replication",
"properties": {
"automatic": {
"$ref": "Automatic",
"description": "The Secret will automatically be replicated without any restrictions."
},
"userManaged": {
"$ref": "UserManaged",
"description": "The Secret will only be replicated into the locations specified."
}
},
"type": "object"
},
"Secret": {
"description": "A Secret is a logical secret whose value and versions can\nbe accessed.\n\nA Secret is made up of zero or more SecretVersions that\nrepresent the secret data.",
"id": "Secret",
"properties": {
"createTime": {
"description": "Output only. The time at which the Secret was created.",
"format": "google-datetime",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding\nof maximum 128 bytes, and must conform to the following PCRE regular\nexpression: `\\p{Ll}\\p{Lo}{0,62}`\n\nLabel values must be between 0 and 63 characters long, have a UTF-8\nencoding of maximum 128 bytes, and must conform to the following PCRE\nregular expression: `[\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}`\n\nNo more than 64 labels can be assigned to a given resource.",
"type": "object"
},
"name": {
"description": "Output only. The resource name of the Secret in the format `projects/*/secrets/*`.",
"type": "string"
},
"replication": {
"$ref": "Replication",
"description": "Required. Immutable. The replication policy of the secret data attached to the Secret.\n\nThe replication policy cannot be changed after the Secret has been created."
}
},
"type": "object"
},
"SecretPayload": {
"description": "A secret payload resource in the Secret Manager API. This contains the\nsensitive secret data that is associated with a SecretVersion.",
"id": "SecretPayload",
"properties": {
"data": {
"description": "The secret data. Must be no larger than 64KiB.",
"format": "byte",
"type": "string"
}
},
"type": "object"
},
"SecretVersion": {
"description": "A secret version resource in the Secret Manager API.",
"id": "SecretVersion",
"properties": {
"createTime": {
"description": "Output only. The time at which the SecretVersion was created.",
"format": "google-datetime",
"type": "string"
},
"destroyTime": {
"description": "Output only. The time this SecretVersion was destroyed.\nOnly present if state is\nDESTROYED.",
"format": "google-datetime",
"type": "string"
},
"name": {
"description": "Output only. The resource name of the SecretVersion in the\nformat `projects/*/secrets/*/versions/*`.\n\nSecretVersion IDs in a Secret start at 1 and\nare incremented for each subsequent version of the secret.",
"type": "string"
},
"state": {
"description": "Output only. The current state of the SecretVersion.",
"enum": [
"STATE_UNSPECIFIED",
"ENABLED",
"DISABLED",
"DESTROYED"
],
"enumDescriptions": [
"Not specified. This value is unused and invalid.",
"The SecretVersion may be accessed.",
"The SecretVersion may not be accessed, but the secret data\nis still available and can be placed back into the ENABLED\nstate.",
"The SecretVersion is destroyed and the secret data is no longer\nstored. A version may not leave this state once entered."
],
"type": "string"
}
},
"type": "object"
},
"SetIamPolicyRequest": {
"description": "Request message for `SetIamPolicy` method.",
"id": "SetIamPolicyRequest",
"properties": {
"policy": {
"$ref": "Policy",
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}
},
"type": "object"
},
"TestIamPermissionsRequest": {
"description": "Request message for `TestIamPermissions` method.",
"id": "TestIamPermissionsRequest",
"properties": {
"permissions": {
"description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"TestIamPermissionsResponse": {
"description": "Response message for `TestIamPermissions` method.",
"id": "TestIamPermissionsResponse",
"properties": {
"permissions": {
"description": "A subset of `TestPermissionsRequest.permissions` that the caller is\nallowed.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"UserManaged": {
"description": "A replication policy that replicates the Secret payload into the\nlocations specified in Secret.replication.user_managed.replicas",
"id": "UserManaged",
"properties": {
"replicas": {
"description": "Required. The list of Replicas for this Secret.\n\nCannot be empty.",
"items": {
"$ref": "Replica"
},
"type": "array"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "Secret Manager API",
"version": "v1beta1",
"version_module": true
}