Examples with SecretManagerServiceClient com.google.cloud.secretmanager.v1.SecretManagerServiceClient used on opensource projects

Example 11 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class DisableSecretVersion method disableSecretVersion.

// Disable an existing secret version.
public static void disableSecretVersion(String projectId, String secretId, String versionId) throws IOException {
    // the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        // Build the name from the version.
        SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretId, versionId);
        // Disable the secret version.
        SecretVersion version = client.disableSecretVersion(secretVersionName);
        System.out.printf("Disabled secret version %s\n", version.getName());
    }
}

Example 12 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class IamGrantAccess method iamGrantAccess.

// Grant a member access to a particular secret.
public static void iamGrantAccess(String projectId, String secretId, String member) throws IOException {
    // the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        // Build the name from the version.
        SecretName secretName = SecretName.of(projectId, secretId);
        // Request the current IAM policy.
        Policy currentPolicy = client.getIamPolicy(GetIamPolicyRequest.newBuilder().setResource(secretName.toString()).build());
        // Build the new binding.
        Binding binding = Binding.newBuilder().setRole("roles/secretmanager.secretAccessor").addMembers(member).build();
        // Create a new IAM policy from the current policy, adding the binding.
        Policy newPolicy = Policy.newBuilder().mergeFrom(currentPolicy).addBindings(binding).build();
        // Save the updated IAM policy.
        client.setIamPolicy(SetIamPolicyRequest.newBuilder().setResource(secretName.toString()).setPolicy(newPolicy).build());
        System.out.printf("Updated IAM policy for %s\n", secretId);
    }
}

Example 13 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class IamRevokeAccess method iamRevokeAccess.

// Revoke a member access to a particular secret.
public static void iamRevokeAccess(String projectId, String secretId, String member) throws IOException {
    // the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        // Build the name from the version.
        SecretName secretName = SecretName.of(projectId, secretId);
        // Request the current IAM policy.
        Policy policy = client.getIamPolicy(GetIamPolicyRequest.newBuilder().setResource(secretName.toString()).build());
        // Search through bindings and remove matches.
        String roleToFind = "roles/secretmanager.secretAccessor";
        for (Binding binding : policy.getBindingsList()) {
            if (binding.getRole() == roleToFind && binding.getMembersList().contains(member)) {
                binding.getMembersList().remove(member);
            }
        }
        // Save the updated IAM policy.
        client.setIamPolicy(SetIamPolicyRequest.newBuilder().setResource(secretName.toString()).setPolicy(policy).build());
        System.out.printf("Updated IAM policy for %s\n", secretId);
    }
}

Example 14 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class AddSecretVersion method addSecretVersion.

// Add a new version to the existing secret.
public static void addSecretVersion(String projectId, String secretId) throws IOException {
    // the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        SecretName secretName = SecretName.of(projectId, secretId);
        byte[] data = "my super secret data".getBytes();
        // Calculate data checksum. The library is available in Java 9+.
        // If using Java 8, the following library may be used:
        // https://cloud.google.com/appengine/docs/standard/java/javadoc/com/google/appengine/api/files/Crc32c
        Checksum checksum = new CRC32C();
        checksum.update(data, 0, data.length);
        // Create the secret payload.
        SecretPayload payload = SecretPayload.newBuilder().setData(ByteString.copyFrom(data)).setDataCrc32C(checksum.getValue()).build();
        // Add the secret version.
        SecretVersion version = client.addSecretVersion(secretName, payload);
        System.out.printf("Added secret version %s\n", version.getName());
    }
}

Example 15 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-secretmanager by googleapis.

the class NativeImageSecretManagerSample method printSecretVersion.

static void printSecretVersion(SecretManagerServiceClient client, SecretVersion version) {
    AccessSecretVersionResponse response = client.accessSecretVersion(version.getName());
    String payload = response.getPayload().getData().toStringUtf8();
    System.out.println("Reading secret value: " + payload);
    System.out.println("(Note: Don't print secret values in prod!)");
}