use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class DisableSecretVersion method disableSecretVersion.
// Disable an existing secret version.
public static void disableSecretVersion(String projectId, String secretId, String versionId) throws IOException {
// the "close" method on the client to safely clean up any remaining background resources.
try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
// Build the name from the version.
SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretId, versionId);
// Disable the secret version.
SecretVersion version = client.disableSecretVersion(secretVersionName);
System.out.printf("Disabled secret version %s\n", version.getName());
}
}
use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class IamGrantAccess method iamGrantAccess.
// Grant a member access to a particular secret.
public static void iamGrantAccess(String projectId, String secretId, String member) throws IOException {
// the "close" method on the client to safely clean up any remaining background resources.
try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
// Build the name from the version.
SecretName secretName = SecretName.of(projectId, secretId);
// Request the current IAM policy.
Policy currentPolicy = client.getIamPolicy(GetIamPolicyRequest.newBuilder().setResource(secretName.toString()).build());
// Build the new binding.
Binding binding = Binding.newBuilder().setRole("roles/secretmanager.secretAccessor").addMembers(member).build();
// Create a new IAM policy from the current policy, adding the binding.
Policy newPolicy = Policy.newBuilder().mergeFrom(currentPolicy).addBindings(binding).build();
// Save the updated IAM policy.
client.setIamPolicy(SetIamPolicyRequest.newBuilder().setResource(secretName.toString()).setPolicy(newPolicy).build());
System.out.printf("Updated IAM policy for %s\n", secretId);
}
}
use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class IamRevokeAccess method iamRevokeAccess.
// Revoke a member access to a particular secret.
public static void iamRevokeAccess(String projectId, String secretId, String member) throws IOException {
// the "close" method on the client to safely clean up any remaining background resources.
try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
// Build the name from the version.
SecretName secretName = SecretName.of(projectId, secretId);
// Request the current IAM policy.
Policy policy = client.getIamPolicy(GetIamPolicyRequest.newBuilder().setResource(secretName.toString()).build());
// Search through bindings and remove matches.
String roleToFind = "roles/secretmanager.secretAccessor";
for (Binding binding : policy.getBindingsList()) {
if (binding.getRole() == roleToFind && binding.getMembersList().contains(member)) {
binding.getMembersList().remove(member);
}
}
// Save the updated IAM policy.
client.setIamPolicy(SetIamPolicyRequest.newBuilder().setResource(secretName.toString()).setPolicy(policy).build());
System.out.printf("Updated IAM policy for %s\n", secretId);
}
}
use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class AddSecretVersion method addSecretVersion.
// Add a new version to the existing secret.
public static void addSecretVersion(String projectId, String secretId) throws IOException {
// the "close" method on the client to safely clean up any remaining background resources.
try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
SecretName secretName = SecretName.of(projectId, secretId);
byte[] data = "my super secret data".getBytes();
// Calculate data checksum. The library is available in Java 9+.
// If using Java 8, the following library may be used:
// https://cloud.google.com/appengine/docs/standard/java/javadoc/com/google/appengine/api/files/Crc32c
Checksum checksum = new CRC32C();
checksum.update(data, 0, data.length);
// Create the secret payload.
SecretPayload payload = SecretPayload.newBuilder().setData(ByteString.copyFrom(data)).setDataCrc32C(checksum.getValue()).build();
// Add the secret version.
SecretVersion version = client.addSecretVersion(secretName, payload);
System.out.printf("Added secret version %s\n", version.getName());
}
}
use of com.google.cloud.secretmanager.v1.SecretManagerServiceClient in project java-secretmanager by googleapis.
the class NativeImageSecretManagerSample method printSecretVersion.
static void printSecretVersion(SecretManagerServiceClient client, SecretVersion version) {
AccessSecretVersionResponse response = client.accessSecretVersion(version.getName());
String payload = response.getPayload().getData().toStringUtf8();
System.out.println("Reading secret value: " + payload);
System.out.println("(Note: Don't print secret values in prod!)");
}
Aggregations