Secret store secret

Secrets written to a secret store are encrypted in transit and at rest. Secret store entries are write-only and plaintext secret values cannot be retrieved via the API. The plaintext values are only available to Compute services during their request processing. Secret names must be unique within a store.

A secret within a secret store. Learn more about secret stores.

Data model

client_keystringThe Base64-encoded string containing the client key used to encrypt the secret, if applicable.
namestringA human-readable name for the secret. The value must contain only letters, numbers, dashes (-), underscores (_), and periods (.).
secretstringA Base64-encoded string containing either the secret or the encrypted secret (when using client_key). The maximum secret size (before Base64 encoding and optional local encryption) is 64KB.
created_atstringDate and time in ISO 8601 format. Read-only.
digeststringAn opaque identifier of the plaintext secret value. This can be used to determine if a secret value has changed. Read-only.
recreatedbooleanTrue if the secret replaced a secret with the same name.


List secrets within a store


Create or recreate a secret in a store


Create a new secret in a store


Recreate a secret in a store


Get secret metadata


Delete a secret from a store