» google_secret_manager_secret

A Secret is a logical secret whose value and versions can be accessed.

To get more information about Secret, see:

» Example Usage - Secret Config Basic

resource "google_secret_manager_secret" "secret-basic" {
  provider = google-beta

  secret_id = "secret"

  labels = {
    label = "my-label"
  }

  replication {
    user_managed {
      replicas {
        location = "us-central1"
      }
      replicas {
        location = "us-east1"
      }
    }
  }
}

» Argument Reference

The following arguments are supported:

  • replication - (Required) The replication policy of the secret data attached to the Secret. It cannot be changed after the Secret has been created. Structure is documented below.

  • secret_id - (Required) This must be unique within the project.

The replication block supports:

  • automatic - (Optional) The Secret will automatically be replicated without any restrictions.

  • user_managed - (Optional) The Secret will automatically be replicated without any restrictions. Structure is documented below.

The user_managed block supports:

  • replicas - (Required) The list of Replicas for this Secret. Cannot be empty. Structure is documented below.

The replicas block supports:

  • location - (Required) The canonical ID of the location in which to replicate data. For example: "us-east1".

The following optional arguments are set on the resource itself, as labels is in the example above:

  • labels - (Optional) The labels assigned to this Secret. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. No more than 64 labels can be assigned to a given resource.
    Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}-]{0,62}
    Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}-]{0,63}

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
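
Because the replication policy cannot be changed after the Secret has been created, it is worth checking before apply. The following is an added example, not part of the provider documentation: it scans plan JSON for secrets that would be created with automatic replication or with a replica outside an allowed set. It assumes the plan is shaped like `terraform show -json` output, with nested blocks as lists and `automatic` as a boolean; `ALLOWED_LOCATIONS`, the function names and the sample plan are constructed for illustration.

```python
# Assumption: locations this organisation permits for secret payloads.
ALLOWED_LOCATIONS = {"us-central1", "us-east1"}

def check_secret_replication(plan, allowed=ALLOWED_LOCATIONS):
    """Return (address, problem) pairs for secrets the plan would create."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "google_secret_manager_secret":
            continue
        if "create" not in change.get("actions", []):
            continue  # replication is fixed once the Secret exists
        after = change.get("after") or {}
        # Nested blocks appear as lists of objects in the plan JSON.
        for repl in after.get("replication") or []:
            if repl.get("automatic"):
                findings.append((rc["address"], "automatic replication"))
            for um in repl.get("user_managed") or []:
                for replica in um.get("replicas") or []:
                    if replica.get("location") not in allowed:
                        findings.append(
                            (rc["address"], f"replica in {replica.get('location')}"))
    return findings

def _secret(name, replication, actions=("create",)):
    # Helper that builds one constructed resource_changes entry.
    return {"address": f"google_secret_manager_secret.{name}",
            "type": "google_secret_manager_secret",
            "change": {"actions": list(actions),
                       "after": {"secret_id": name, "replication": [replication]}}}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    _secret("secret-basic", {"automatic": None, "user_managed": [
        {"replicas": [{"location": "us-central1"}, {"location": "us-east1"}]}]}),
    _secret("auto", {"automatic": True, "user_managed": []}),
    _secret("eu", {"automatic": None, "user_managed": [
        {"replicas": [{"location": "europe-west1"}, {"location": "us-east1"}]}]}),
    _secret("existing", {"automatic": True, "user_managed": []}, actions=("update",)),
]}

if __name__ == "__main__":
    for address, problem in check_secret_replication(SAMPLE_PLAN):
        print(f"{address}: {problem}")
```

A replace plan (actions `delete` then `create`) is also checked, since it creates a new Secret with a new replication policy.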

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/secrets/{{secret_id}}

  • name - The resource name of the Secret. Format: projects/{{project}}/secrets/{{secret_id}}

  • create_time - The time at which the Secret was created.

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

Secret can be imported using any of these accepted formats:

$ terraform import -provider=google-beta google_secret_manager_secret.default projects/{{project}}/secrets/{{secret_id}}
$ terraform import -provider=google-beta google_secret_manager_secret.default {{project}}/{{secret_id}}
$ terraform import -provider=google-beta google_secret_manager_secret.default {{secret_id}}

» User Project Overrides

This resource supports User Project Overrides.