Example 11 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class DisableSecretVersion method disableSecretVersion.

// Disable an existing secret version.
public static void disableSecretVersion(String projectId, String secretId, String versionId) throws IOException {
    // try-with-resources calls the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        // Build the name from the version.
        SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretId, versionId);
        // Disable the secret version.
        SecretVersion version = client.disableSecretVersion(secretVersionName);
        System.out.printf("Disabled secret version %s\n", version.getName());
    }
}
Also used : SecretVersionName(com.google.cloud.secretmanager.v1.SecretVersionName) SecretVersion(com.google.cloud.secretmanager.v1.SecretVersion) SecretManagerServiceClient(com.google.cloud.secretmanager.v1.SecretManagerServiceClient)

Example 12 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class IamGrantAccess method iamGrantAccess.

// Grant a member access to a particular secret.
public static void iamGrantAccess(String projectId, String secretId, String member) throws IOException {
    // try-with-resources calls the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        // Build the secret name from the project and secret IDs.
        SecretName secretName = SecretName.of(projectId, secretId);
        // Request the current IAM policy.
        Policy currentPolicy = client.getIamPolicy(GetIamPolicyRequest.newBuilder().setResource(secretName.toString()).build());
        // Build the new binding.
        Binding binding = Binding.newBuilder().setRole("roles/secretmanager.secretAccessor").addMembers(member).build();
        // Create a new IAM policy from the current policy, adding the binding.
        Policy newPolicy = Policy.newBuilder().mergeFrom(currentPolicy).addBindings(binding).build();
        // Save the updated IAM policy.
        client.setIamPolicy(SetIamPolicyRequest.newBuilder().setResource(secretName.toString()).setPolicy(newPolicy).build());
        System.out.printf("Updated IAM policy for %s\n", secretId);
    }
}
Also used : SecretName(com.google.cloud.secretmanager.v1.SecretName) Policy(com.google.iam.v1.Policy) Binding(com.google.iam.v1.Binding) SecretManagerServiceClient(com.google.cloud.secretmanager.v1.SecretManagerServiceClient)

Example 13 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class IamRevokeAccess method iamRevokeAccess.

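// Revoke a member's access to a particular secret.
public static void iamRevokeAccess(String projectId, String secretId, String member) throws IOException {
    // try-with-resources calls the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        // Build the secret name from the project and secret IDs.
        SecretName secretName = SecretName.of(projectId, secretId);
        // Request the current IAM policy.
        Policy policy = client.getIamPolicy(GetIamPolicyRequest.newBuilder().setResource(secretName.toString()).build());
        // Protobuf messages are immutable: getMembersList() returns an unmodifiable list,
        // so rebuild the bindings without the member instead of removing in place.
        // toBuilder() keeps the etag, so a concurrent policy change is still detected on save.
        String roleToFind = "roles/secretmanager.secretAccessor";
        Policy.Builder newPolicy = policy.toBuilder().clearBindings();
        for (Binding binding : policy.getBindingsList()) {
            // Compare strings with equals(); == only compares object references.
            if (roleToFind.equals(binding.getRole()) && binding.getMembersList().contains(member)) {
                Binding.Builder updated = binding.toBuilder().clearMembers();
                for (String existing : binding.getMembersList()) {
                    if (!existing.equals(member)) {
                        updated.addMembers(existing);
                    }
                }
                // Drop the binding entirely if no members remain.
                if (updated.getMembersCount() > 0) {
                    newPolicy.addBindings(updated.build());
                }
            } else {
                newPolicy.addBindings(binding);
            }
        }
        // Save the updated IAM policy.
        client.setIamPolicy(SetIamPolicyRequest.newBuilder().setResource(secretName.toString()).setPolicy(newPolicy.build()).build());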
        System.out.printf("Updated IAM policy for %s\n", secretId);
    }
}
Also used : SecretName(com.google.cloud.secretmanager.v1.SecretName) Policy(com.google.iam.v1.Policy) Binding(com.google.iam.v1.Binding) SecretManagerServiceClient(com.google.cloud.secretmanager.v1.SecretManagerServiceClient)

Example 14 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class AddSecretVersion method addSecretVersion.

// Add a new version to the existing secret.
public static void addSecretVersion(String projectId, String secretId) throws IOException {
    // try-with-resources calls the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
        SecretName secretName = SecretName.of(projectId, secretId);
        byte[] data = "my super secret data".getBytes();
        // Calculate data checksum. The library is available in Java 9+.
        // If using Java 8, the following library may be used:
        // https://cloud.google.com/appengine/docs/standard/java/javadoc/com/google/appengine/api/files/Crc32c
        Checksum checksum = new CRC32C();
        checksum.update(data, 0, data.length);
        // Create the secret payload.
        SecretPayload payload = SecretPayload.newBuilder().setData(ByteString.copyFrom(data)).setDataCrc32C(checksum.getValue()).build();
        // Add the secret version.
        SecretVersion version = client.addSecretVersion(secretName, payload);
        System.out.printf("Added secret version %s\n", version.getName());
    }
}
Also used : SecretName(com.google.cloud.secretmanager.v1.SecretName) SecretVersion(com.google.cloud.secretmanager.v1.SecretVersion) Checksum(java.util.zip.Checksum) CRC32C(java.util.zip.CRC32C) SecretManagerServiceClient(com.google.cloud.secretmanager.v1.SecretManagerServiceClient) SecretPayload(com.google.cloud.secretmanager.v1.SecretPayload)

Example 15 with SecretManagerServiceClient

use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-secretmanager by googleapis.

the class NativeImageSecretManagerSample method printSecretVersion.

static void printSecretVersion(SecretManagerServiceClient client, SecretVersion version) {
    AccessSecretVersionResponse response = client.accessSecretVersion(version.getName());
    String payload = response.getPayload().getData().toStringUtf8();
    System.out.println("Reading secret value: " + payload);
    System.out.println("(Note: Don't print secret values in prod!)");
}
Also used : ByteString(com.google.protobuf.ByteString) AccessSecretVersionResponse(com.google.cloud.secretmanager.v1.AccessSecretVersionResponse)
