Lockbox API, gRPC: SecretService
A set of methods for managing secrets.
Call | Description |
---|---|
Get | Returns the specified secret. |
List | Retrieves the list of secrets in the specified folder. |
Create | Creates a secret in the specified folder. |
Update | Updates the specified secret. |
Delete | Deletes the specified secret. |
Activate | Activates the specified secret. |
Deactivate | Deactivates the specified secret. |
ListVersions | Retrieves the list of versions of the specified secret. |
AddVersion | Adds a new version based on a previous one. |
ScheduleVersionDestruction | Schedules the specified version for destruction. |
CancelVersionDestruction | Cancels previously scheduled version destruction, if the version hasn't been destroyed yet. |
ListOperations | Lists operations for the specified secret. |
ListAccessBindings | Lists existing access bindings for the specified secret. |
SetAccessBindings | Sets access bindings for the secret. |
UpdateAccessBindings | Updates access bindings for the secret. |
Calls SecretService
Get
Returns the specified secret.
To get the list of all available secrets, make a List request. Use PayloadService.Get to get the payload (the confidential data itself) of the secret.
rpc Get (GetSecretRequest) returns (Secret)
GetSecretRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret to return. To get a secret ID make a List request. The maximum string length in characters is 50. |
Secret
Field | Description |
---|---|
id | string ID of the secret. |
folder_id | string ID of the folder that the secret belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the secret. |
description | string Description of the secret. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. |
kms_key_id | string Optional ID of the KMS key that will be used to encrypt and decrypt the secret. |
status | enum Status Status of the secret. |
current_version | Version Current (i.e. the latest) version of the secret. |
deletion_protection | bool Flag that inhibits deletion of the secret. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
List
Retrieves the list of secrets in the specified folder.
rpc List (ListSecretsRequest) returns (ListSecretsResponse)
ListSecretsRequest
Field | Description |
---|---|
folder_id | string Required. ID of the folder to list secrets in. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListSecretsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. To get the next page of results, set page_token to the ListSecretsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100. |
ListSecretsResponse
Field | Description |
---|---|
secrets[] | Secret List of secrets in the specified folder. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is greater than the specified ListSecretsRequest.page_size, use the next_page_token as the value for the ListSecretsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
Secret
Field | Description |
---|---|
id | string ID of the secret. |
folder_id | string ID of the folder that the secret belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the secret. |
description | string Description of the secret. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. |
kms_key_id | string Optional ID of the KMS key that will be used to encrypt and decrypt the secret. |
status | enum Status Status of the secret. |
current_version | Version Current (i.e. the latest) version of the secret. |
deletion_protection | bool Flag that inhibits deletion of the secret. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
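An inventory pass built on the List paging contract above, as an added example that is not part of the Lockbox documentation or SDK. `list_rpc` is a hypothetical stand-in for a SecretService.List call that takes and returns plain dicts with the field names on this page; the sample secrets are constructed, and treating an empty `kms_key_id` or a disabled `deletion_protection` as a finding is a local policy assumed for the example.

```python
def iter_secrets(list_rpc, folder_id, page_size=100):
    """Yield every Secret in a folder, following next_page_token to the end.

    list_rpc is any callable that takes a ListSecretsRequest-shaped dict and
    returns a ListSecretsResponse-shaped dict (hypothetical transport).
    """
    # Upper bound is the page's maximum; the lower bound is this example's choice.
    if not 1 <= page_size <= 1000:
        raise ValueError("page_size must be between 1 and 1000")
    token = ""
    seen_tokens = set()
    while True:
        response = list_rpc(
            {"folder_id": folder_id, "page_size": page_size, "page_token": token}
        )
        yield from response.get("secrets", [])
        token = response.get("next_page_token", "")
        if not token:
            return  # no token means the last page has been read
        if token in seen_tokens:
            raise RuntimeError("next_page_token repeated, refusing to loop")
        seen_tokens.add(token)


def audit_secrets(secrets):
    """Return (secret_id, finding) pairs for the assumed local policy."""
    findings = []
    for secret in secrets:
        if not secret.get("deletion_protection", False):
            findings.append((secret["id"], "deletion_protection is off"))
        if not secret.get("kms_key_id"):
            findings.append((secret["id"], "no kms_key_id set"))
    return findings


def make_fake_list_rpc(secrets):
    """In-memory List backend for offline runs; the token is just an offset."""
    def list_rpc(request):
        list_rpc.requests.append(dict(request))
        start = int(request["page_token"] or 0)
        end = start + request["page_size"]
        page = {"secrets": secrets[start:end]}
        if end < len(secrets):
            page["next_page_token"] = str(end)
        return page
    list_rpc.requests = []
    return list_rpc


# Constructed sample data: IDs are placeholders, not real resources.
SAMPLE_SECRETS = [
    {"id": "sec-a", "folder_id": "folder-1", "name": "db",
     "kms_key_id": "key-1", "deletion_protection": True},
    {"id": "sec-b", "folder_id": "folder-1", "name": "api",
     "kms_key_id": "", "deletion_protection": True},
    {"id": "sec-c", "folder_id": "folder-1", "name": "tls",
     "kms_key_id": "key-1", "deletion_protection": False},
]

if __name__ == "__main__":
    rpc = make_fake_list_rpc(SAMPLE_SECRETS)
    for secret_id, finding in audit_secrets(iter_secrets(rpc, "folder-1", 2)):
        print(secret_id, finding)
```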
Create
Creates a secret in the specified folder.
rpc Create (CreateSecretRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:CreateSecretMetadata
Operation.response:Secret
CreateSecretRequest
Field | Description |
---|---|
folder_id | string Required. ID of the folder to create a secret in. The maximum string length in characters is 50. |
name | string Name of the secret. The maximum string length in characters is 100. |
description | string Description of the secret. The maximum string length in characters is 1024. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. For example, "project": "mvp" or "source": "dictionary". No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
kms_key_id | string Optional ID of the KMS key that will be used to encrypt and decrypt the secret. The maximum string length in characters is 50. |
version_description | string Description of the first version. The maximum string length in characters is 256. |
version_payload_entries[] | PayloadEntryChange Payload entries added to the first version. The maximum number of elements is 32. |
deletion_protection | bool Flag that inhibits deletion of the secret. |
PayloadEntryChange
Field | Description |
---|---|
key | string Required. Non-confidential key of the entry. The maximum string length in characters is 256. Value must match the regular expression [-_./\\\\@0-9a-zA-Z]+ . |
value | oneof: text_value or binary_value Confidential value of the entry. |
text_value | string Use the field to set a text value. The maximum string length in characters is 65536. |
binary_value | bytes Use the field to set a binary value. The maximum string length in characters is 65536. |
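A pre-flight check of the CreateSecretRequest and PayloadEntryChange limits listed above, as an added example that is not part of the Lockbox documentation or SDK. The request is modelled as a plain dict with the page's field names, the sample requests are constructed, and the entry-key pattern is read as allowing a literal backslash (an assumption about the table's escaping).

```python
import re

# Limits and patterns below are the ones in the CreateSecretRequest and
# PayloadEntryChange tables on this page.
LABEL_KEY_RE = re.compile(r"[a-z][-_0-9a-z]*")
LABEL_VALUE_RE = re.compile(r"[-_0-9a-z]*")
# Entry-key pattern from the page, read as allowing a literal backslash
# (assumption about how the escaping in the table was rendered).
ENTRY_KEY_RE = re.compile(r"[-_./\\@0-9a-zA-Z]+")

STRING_LIMITS = {
    "folder_id": 50,
    "name": 100,
    "description": 1024,
    "kms_key_id": 50,
    "version_description": 256,
}
MAX_LABELS = 64
MAX_ENTRIES = 32
MAX_VALUE_LEN = 65536


def validate_payload_entry(index, entry):
    """Check one PayloadEntryChange; messages never echo the confidential value."""
    where = f"version_payload_entries[{index}]"
    errors = []
    key = entry.get("key", "")
    if not key:
        errors.append(f"{where}.key: required")
    elif len(key) > 256 or not ENTRY_KEY_RE.fullmatch(key):
        errors.append(f"{where}.key: invalid")
    has_text = "text_value" in entry
    has_binary = "binary_value" in entry
    # A dict can hold both members of the oneof; a protobuf message cannot.
    if has_text and has_binary:
        errors.append(f"{where}.value: text_value and binary_value are a oneof")
    if has_text and len(entry["text_value"]) > MAX_VALUE_LEN:
        errors.append(f"{where}.text_value: too long")
    if has_binary and len(entry["binary_value"]) > MAX_VALUE_LEN:
        errors.append(f"{where}.binary_value: too long")
    return errors


def validate_create_secret_request(request):
    """Return constraint violations for a CreateSecretRequest-shaped dict ([] if none)."""
    errors = []
    if not request.get("folder_id"):
        errors.append("folder_id: required")
    for field, limit in STRING_LIMITS.items():
        if len(request.get(field, "")) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    labels = request.get("labels", {})
    if len(labels) > MAX_LABELS:
        errors.append("labels: more than 64 per resource")
    for key, value in labels.items():
        if len(key) > 63 or not LABEL_KEY_RE.fullmatch(key):
            errors.append(f"labels[{key!r}]: invalid key")
        if len(value) > 63 or not LABEL_VALUE_RE.fullmatch(value):
            errors.append(f"labels[{key!r}]: invalid value")
    entries = request.get("version_payload_entries", [])
    if len(entries) > MAX_ENTRIES:
        errors.append("version_payload_entries: more than 32 elements")
    for index, entry in enumerate(entries):
        errors.extend(validate_payload_entry(index, entry))
    return errors


# Constructed sample requests: IDs and values are placeholders, not real data.
GOOD_REQUEST = {
    "folder_id": "folder-1",
    "name": "db-creds",
    "labels": {"project": "mvp"},
    "version_payload_entries": [
        {"key": "DB_PASSWORD", "text_value": "constructed-value"},
    ],
    "deletion_protection": True,
}
BAD_REQUEST = {
    "name": "db-creds",
    "labels": {"Project": "MVP"},
    "version_payload_entries": [
        {"key": "db password", "text_value": "constructed-value",
         "binary_value": b"constructed-value"},
    ],
}

if __name__ == "__main__":
    for name, req in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(name, validate_create_secret_request(req))
```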
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
CreateSecretMetadata
Field | Description |
---|---|
secret_id | string ID of the secret being created. |
version_id | string ID of the current version of the secret being created. |
Secret
Field | Description |
---|---|
id | string ID of the secret. |
folder_id | string ID of the folder that the secret belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the secret. |
description | string Description of the secret. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. |
kms_key_id | string Optional ID of the KMS key that will be used to encrypt and decrypt the secret. |
status | enum Status Status of the secret. |
current_version | Version Current (i.e. the latest) version of the secret. |
deletion_protection | bool Flag that inhibits deletion of the secret. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
Update
Updates the specified secret.
rpc Update (UpdateSecretRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:UpdateSecretMetadata
Operation.response:Secret
UpdateSecretRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret to update. The maximum string length in characters is 50. |
update_mask | google.protobuf.FieldMask Required. Field mask that specifies which attributes of the secret are going to be updated. |
name | string New name of the secret. The maximum string length in characters is 100. |
description | string New description of the secret. The maximum string length in characters is 1024. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]* . The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]* . |
deletion_protection | bool Flag that inhibits deletion of the secret. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
UpdateSecretMetadata
Field | Description |
---|---|
secret_id | string Required. ID of the secret being updated. The maximum string length in characters is 50. |
Secret
Field | Description |
---|---|
id | string ID of the secret. |
folder_id | string ID of the folder that the secret belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the secret. |
description | string Description of the secret. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. |
kms_key_id | string Optional ID of the KMS key that will be used to encrypt and decrypt the secret. |
status | enum Status Status of the secret. |
current_version | Version Current (i.e. the latest) version of the secret. |
deletion_protection | bool Flag that inhibits deletion of the secret. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
Delete
Deletes the specified secret.
rpc Delete (DeleteSecretRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:DeleteSecretMetadata
Operation.response:Secret
DeleteSecretRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret to be deleted. The maximum string length in characters is 50. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
DeleteSecretMetadata
Field | Description |
---|---|
secret_id | string ID of the secret being deleted. |
Secret
Field | Description |
---|---|
id | string ID of the secret. |
folder_id | string ID of the folder that the secret belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the secret. |
description | string Description of the secret. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. |
kms_key_id | string Optional ID of the KMS key that will be used to encrypt and decrypt the secret. |
status | enum Status Status of the secret. |
current_version | Version Current (i.e. the latest) version of the secret. |
deletion_protection | bool Flag that inhibits deletion of the secret. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
Activate
Activates the specified secret.
rpc Activate (ActivateSecretRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:ActivateSecretMetadata
Operation.response:Secret
ActivateSecretRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret to be activated. The maximum string length in characters is 50. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
ActivateSecretMetadata
Field | Description |
---|---|
secret_id | string ID of the secret being activated. |
Secret
Field | Description |
---|---|
id | string ID of the secret. |
folder_id | string ID of the folder that the secret belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the secret. |
description | string Description of the secret. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. |
kms_key_id | string Optional ID of the KMS key that will be used to encrypt and decrypt the secret. |
status | enum Status Status of the secret. |
current_version | Version Current (i.e. the latest) version of the secret. |
deletion_protection | bool Flag that inhibits deletion of the secret. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
Deactivate
Deactivates the specified secret.
rpc Deactivate (DeactivateSecretRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:DeactivateSecretMetadata
Operation.response:Secret
DeactivateSecretRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret to be deactivated. The maximum string length in characters is 50. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
DeactivateSecretMetadata
Field | Description |
---|---|
secret_id | string ID of the secret being deactivated. |
Secret
Field | Description |
---|---|
id | string ID of the secret. |
folder_id | string ID of the folder that the secret belongs to. |
created_at | google.protobuf.Timestamp Creation timestamp. |
name | string Name of the secret. |
description | string Description of the secret. |
labels | map<string,string> Custom labels for the secret as key:value pairs. Maximum 64 per key. |
kms_key_id | string Optional ID of the KMS key that will be used to encrypt and decrypt the secret. |
status | enum Status Status of the secret. |
current_version | Version Current (i.e. the latest) version of the secret. |
deletion_protection | bool Flag that inhibits deletion of the secret. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
ListVersions
Retrieves the list of versions of the specified secret.
rpc ListVersions (ListVersionsRequest) returns (ListVersionsResponse)
ListVersionsRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret to list versions for. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListVersionsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. To get the next page of results, set page_token to the ListVersionsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100. |
ListVersionsResponse
Field | Description |
---|---|
versions[] | Version List of versions for the specified secret. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is greater than the specified ListVersionsRequest.page_size, use the next_page_token as the value for the ListVersionsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
AddVersion
Adds a new version based on a previous one.
rpc AddVersion (AddVersionRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:AddVersionMetadata
Operation.response:Version
AddVersionRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret. The maximum string length in characters is 50. |
description | string Description of the version. The maximum string length in characters is 1024. |
payload_entries[] | PayloadEntryChange Describe how payload entries of the base version change in the added version. The maximum number of elements is 32. |
base_version_id | string Optional base version ID. Defaults to the current version if not specified. The maximum string length in characters is 50. |
PayloadEntryChange
Field | Description |
---|---|
key | string Required. Non-confidential key of the entry. The maximum string length in characters is 256. Value must match the regular expression [-_./\\\\@0-9a-zA-Z]+ . |
value | oneof: text_value or binary_value Confidential value of the entry. |
text_value | string Use the field to set a text value. The maximum string length in characters is 65536. |
binary_value | bytes Use the field to set a binary value. The maximum string length in characters is 65536. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
AddVersionMetadata
Field | Description |
---|---|
secret_id | string ID of the secret. |
version_id | string ID of the added version. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
ScheduleVersionDestruction
Schedules the specified version for destruction.
Scheduled destruction can be cancelled with the SecretService.CancelVersionDestruction method.
rpc ScheduleVersionDestruction (ScheduleVersionDestructionRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:ScheduleVersionDestructionMetadata
Operation.response:Version
ScheduleVersionDestructionRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret whose version should be scheduled for destruction. The maximum string length in characters is 50. |
version_id | string Required. ID of the version to be destroyed. The maximum string length in characters is 50. |
pending_period | google.protobuf.Duration Time interval between the version destruction request and actual destruction. Default value: 7 days. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
ScheduleVersionDestructionMetadata
Field | Description |
---|---|
secret_id | string ID of the secret whose version is being scheduled for destruction. |
version_id | string ID of the version that is being scheduled for destruction. |
destroy_at | google.protobuf.Timestamp Destruction timestamp. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
CancelVersionDestruction
Cancels previously scheduled version destruction, if the version hasn't been destroyed yet.
rpc CancelVersionDestruction (CancelVersionDestructionRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:CancelVersionDestructionMetadata
Operation.response:Version
CancelVersionDestructionRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret to cancel a version's destruction for. The maximum string length in characters is 50. |
version_id | string Required. ID of the secret whose scheduled destruction should be cancelled. The maximum string length in characters is 50. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any if operation finished successfully. |
CancelVersionDestructionMetadata
Field | Description |
---|---|
secret_id | string ID of the secret whose version's destruction is being cancelled. |
version_id | string ID of the version whose scheduled destruction is being cancelled. |
Version
Field | Description |
---|---|
id | string ID of the version. |
secret_id | string ID of the secret that the version belongs to. |
created_at | google.protobuf.Timestamp Time when the version was created. |
destroy_at | google.protobuf.Timestamp Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION. |
description | string Description of the version. |
status | enum Status Status of the secret. |
payload_entry_keys[] | string Keys of the entries contained in the version payload. |
ListOperations
Lists operations for the specified secret.
rpc ListOperations (ListSecretOperationsRequest) returns (ListSecretOperationsResponse)
ListSecretOperationsRequest
Field | Description |
---|---|
secret_id | string Required. ID of the secret to get operations for. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page that should be returned. If the number of available results is larger than page_size, the service returns a ListSecretOperationsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. To get the next page of results, set page_token to the ListSecretOperationsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100. |
ListSecretOperationsResponse
Field | Description |
---|---|
operations[] | operation.Operation List of operations for the specified secret. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is larger than ListSecretOperationsRequest.page_size, use the next_page_token as the value for the ListSecretOperationsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty |
ListAccessBindings
Lists existing access bindings for the specified secret.
rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse)
ListAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource to list access bindings for. To get the resource ID, use a corresponding List request. For example, use the yandex.cloud.resourcemanager.v1.CloudService.List request to get the Cloud resource ID. The maximum string length in characters is 50. |
page_size | int64 The maximum number of results per page that should be returned. If the number of available results is larger than page_size, the service returns a ListAccessBindingsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000. |
page_token | string Page token. Set page_token to the ListAccessBindingsResponse.next_page_token returned by a previous list request to get the next page of results. The maximum string length in characters is 100. |
ListAccessBindingsResponse
Field | Description |
---|---|
access_bindings[] | AccessBinding List of access bindings for the specified resource. |
next_page_token | string This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessBindingsRequest.page_size, use the next_page_token as the value for the ListAccessBindingsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system.
type is userAccount, federatedUser or serviceAccount. The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
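An added example, not part of the Lockbox documentation: a review of a secret's access bindings that follows next_page_token to the last page and flags subjects of type system and roles outside an allowlist. The transport function, the role names, the subject IDs and the two response pages are constructed sample values; the request and response dictionaries mirror the field tables above.

```python
MAX_PAGE_SIZE = 1000  # documented maximum for page_size

def iter_access_bindings(list_page, resource_id, page_size=100):
    """Yield every AccessBinding, following next_page_token until it is empty."""
    if not 0 < page_size <= MAX_PAGE_SIZE:
        raise ValueError("page_size must be between 1 and 1000")
    token, seen = "", set()
    while True:
        resp = list_page({"resource_id": resource_id,
                          "page_size": page_size, "page_token": token})
        yield from resp.get("access_bindings", [])
        token = resp.get("next_page_token", "")
        if not token:
            return
        if token in seen:  # a repeated token would loop forever
            raise RuntimeError("page token repeated: " + token)
        seen.add(token)

def audit_bindings(bindings, allowed_roles):
    """Flag system-type subjects and roles outside the allowlist."""
    findings = []
    for b in bindings:
        subject = b["subject"]
        if subject["type"] == "system":
            findings.append(("system-subject", b["role_id"], subject["id"]))
        if b["role_id"] not in allowed_roles:
            findings.append(("unexpected-role", b["role_id"], subject["id"]))
    return findings

# Constructed sample data, shaped like two ListAccessBindingsResponse pages.
SAMPLE_PAGES = {
    "": {"access_bindings": [
        {"role_id": "lockbox.payloadViewer",
         "subject": {"id": "constructed-sa-id", "type": "serviceAccount"}}],
        "next_page_token": "page-2"},
    "page-2": {"access_bindings": [
        {"role_id": "lockbox.admin",
         "subject": {"id": "allAuthenticatedUsers", "type": "system"}}]},
}

def fake_list_page(request):
    """Hypothetical stand-in for the ListAccessBindings RPC."""
    return SAMPLE_PAGES[request["page_token"]]

def run_audit():
    bindings = iter_access_bindings(fake_list_page, "constructed-secret-id")
    return audit_bindings(bindings, allowed_roles={"lockbox.payloadViewer"})

if __name__ == "__main__":
    print(run_audit())
```

Stopping after the first page would miss the system-subject binding here, which sits on the second page.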
SetAccessBindings
Sets access bindings for the secret.
rpc SetAccessBindings (SetAccessBindingsRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:SetAccessBindingsMetadata
Operation.response:google.protobuf.Empty
SetAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource for which access bindings are being set. To get the resource ID, use a corresponding List request. The maximum string length in characters is 50. |
access_bindings[] | AccessBinding Required. Access bindings to be set. For more information, see Access Bindings. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system.
type is userAccount, federatedUser or serviceAccount. The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any google.protobuf.Empty, if the operation finished successfully. |
SetAccessBindingsMetadata
Field | Description |
---|---|
resource_id | string ID of the resource for which access bindings are being set. |
UpdateAccessBindings
Updates access bindings for the secret.
rpc UpdateAccessBindings (UpdateAccessBindingsRequest) returns (operation.Operation)
Metadata and response of Operation:
Operation.metadata:UpdateAccessBindingsMetadata
Operation.response:google.protobuf.Empty
UpdateAccessBindingsRequest
Field | Description |
---|---|
resource_id | string Required. ID of the resource for which access bindings are being updated. The maximum string length in characters is 50. |
access_binding_deltas[] | AccessBindingDelta Required. Updates to access bindings. The number of elements must be greater than 0. |
AccessBindingDelta
Field | Description |
---|---|
action | enum AccessBindingAction Required. The action that is being performed on an access binding. |
access_binding | AccessBinding Required. Access binding. For more information, see Access Bindings. |
AccessBinding
Field | Description |
---|---|
role_id | string Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50. |
subject | Subject Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier. |
Subject
Field | Description |
---|---|
id | string Required. ID of the subject. It can contain one of the following values:
type is system.
type is userAccount, federatedUser or serviceAccount. The maximum string length in characters is 50. |
type | string Required. Type of the subject. It can contain one of the following values:
For more information, see Subject to which the role is assigned. The maximum string length in characters is 100. |
Operation
Field | Description |
---|---|
id | string ID of the operation. |
description | string Description of the operation. 0-256 characters long. |
created_at | google.protobuf.Timestamp Creation timestamp. |
created_by | string ID of the user or service account who initiated the operation. |
modified_at | google.protobuf.Timestamp The time when the Operation resource was last modified. |
done | bool If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available. |
metadata | google.protobuf.Any Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any. |
result | oneof: error or response The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set. |
error | google.rpc.Status The error result of the operation in case of failure or cancellation. |
response | google.protobuf.Any google.protobuf.Empty, if the operation finished successfully. |
UpdateAccessBindingsMetadata
Field | Description |
---|---|
resource_id | string ID of the resource for which access bindings are being updated. |
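An added example, not part of the Lockbox documentation: building an UpdateAccessBindingsRequest that carries only the changes between the current and the desired bindings, with the documented length limits checked before anything is sent. The action names ADD and REMOVE are assumed from the Yandex Cloud AccessBindingAction enum, whose values are not listed in this section; the role names, IDs and both binding lists are constructed sample values.

```python
LIMITS = {"resource_id": 50, "role_id": 50, "subject.id": 50, "subject.type": 100}

def binding_key(binding):
    """Identify an AccessBinding by (role_id, subject.type, subject.id)."""
    subject = binding["subject"]
    return (binding["role_id"], subject["type"], subject["id"])

def check_binding(binding):
    """Enforce the documented maximum string lengths before sending."""
    role_id, subject_type, subject_id = binding_key(binding)
    for name, value in (("role_id", role_id), ("subject.type", subject_type),
                        ("subject.id", subject_id)):
        if not value or len(value) > LIMITS[name]:
            raise ValueError(f"{name} must be 1..{LIMITS[name]} characters")

def plan_update(resource_id, current, desired):
    """Return an UpdateAccessBindingsRequest as a dict, or None if nothing changes."""
    if not resource_id or len(resource_id) > LIMITS["resource_id"]:
        raise ValueError("resource_id must be 1..50 characters")
    have = {binding_key(b): b for b in current}
    want = {binding_key(b): b for b in desired}
    for b in want.values():
        check_binding(b)
    # Removals are listed first so the review diff shows revoked access up front.
    deltas = [{"action": "REMOVE", "access_binding": have[k]}
              for k in sorted(have.keys() - want.keys())]
    deltas += [{"action": "ADD", "access_binding": want[k]}
               for k in sorted(want.keys() - have.keys())]
    if not deltas:
        return None  # access_binding_deltas must contain more than 0 elements
    return {"resource_id": resource_id, "access_binding_deltas": deltas}

def binding(role_id, subject_type, subject_id):
    """Helper (hypothetical) that builds an AccessBinding dict."""
    return {"role_id": role_id, "subject": {"id": subject_id, "type": subject_type}}

# Constructed sample state: one system-wide admin binding is to be replaced.
CURRENT = [binding("lockbox.payloadViewer", "serviceAccount", "constructed-sa-app"),
           binding("lockbox.admin", "system", "allAuthenticatedUsers")]
DESIRED = [binding("lockbox.payloadViewer", "serviceAccount", "constructed-sa-app"),
           binding("lockbox.admin", "userAccount", "constructed-user-ops")]

def demo():
    return plan_update("constructed-secret-id", CURRENT, DESIRED)

if __name__ == "__main__":
    print(demo())
```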