Automatically Grab Latest Google Cloud Platform Secret Version

I'm trying to grab the latest secret version. Is there a way to do that without specifying the version number? Such as using the keyword "latest". I'm trying to avoid having to iterate through all the secret versions with a for loop as GCP documentation shows:

try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
  // Build the parent name.
  SecretName projectName = SecretName.of(projectId, secretId);

  // Get all versions.
  ListSecretVersionsPagedResponse pagedResponse = client.listSecretVersions(projectName);

  // List all versions and their state.
  pagedResponse
      .iterateAll()
      .forEach(
          version -> {
            System.out.printf("Secret version %s, %s\n", version.getName(), version.getState());
          });
}

Skill answered 16/8, 2021 at 15:11 Comment(2)
latest is an alias to the most recently created version. - Fermi
latest is very handy, but if you want to roll back to a previous version, "latest" doesn't mean "latest enabled". If your latest is disabled or destroyed, you'll get an empty file. - Danielson

Yes, you can use "latest" as the version number. This is called an "alias". At present, the only alias is "latest", but we may support more aliases in the future.

gcloud secrets versions access "latest" --secret "my-secret"

try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
  SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretId, "latest"); // <-- here

  // Access the secret version.
  AccessSecretVersionResponse response = client.accessSecretVersion(secretVersionName);

  String payload = response.getPayload().getData().toStringUtf8();
  System.out.printf("Plaintext: %s\n", payload);
}

Bambi answered 16/8, 2021 at 15:26 Comment(4)
Yes, thanks sethvargo, that was the answer. For some reason, it was throwing errors before when we used latest; maybe we weren't doing it correctly. But this worked. Appreciate the help, mate. - Skill
I am assuming we cannot get the latest-1 version somehow using any alias? - Lozano
@Bambi What if the latest secret is disabled? How do I access the latest active secret available? - Santiagosantillan
I agree with Ojasv and Bikram. It would be really useful to get "latest enabled" for rollback purposes, but "latest" returns an empty file / error if the latest is disabled or destroyed. - Danielson
import com.google.cloud.secretmanager.v1.AccessSecretVersionResponse;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretVersionName;
import java.io.IOException;

public class AccessSecretVersion {

  public static void accessSecretVersion() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    String secretId = "your-secret-id";
    String versionId = "latest"; //<-- specify version
    accessSecretVersion(projectId, secretId, versionId);
  }

  // Access the payload for the given secret version if one exists. The version
  // can be a version number as a string (e.g. "5") or an alias (e.g. "latest").
  public static void accessSecretVersion(String projectId, String secretId, String versionId)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
      SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretId, versionId);

      // Access the secret version.
      AccessSecretVersionResponse response = client.accessSecretVersion(secretVersionName);

      // Print the secret payload.
      //
      // WARNING: Do not print the secret in a production environment - this
      // snippet is showing how to access the secret material.
      String payload = response.getPayload().getData().toStringUtf8();
      System.out.printf("Plaintext: %s\n", payload);
    }
  }
}

source: https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets#secretmanager-access-secret-version-java

Fermi answered 16/8, 2021 at 15:26 Comment(0)
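
Several comments above note that "latest" is not "latest enabled". One way to read the newest enabled version, for example after a rollback that disabled the most recent one, is to list the versions, keep those in state ENABLED, and access the one with the most recent create time. This is an added example, not code from any of the answers or from Google's samples; the class and method names are hypothetical and the project and secret IDs are placeholders.

```java
import com.google.cloud.secretmanager.v1.AccessSecretVersionResponse;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretName;
import com.google.cloud.secretmanager.v1.SecretVersion;
import java.io.IOException;
import java.util.Comparator;
import java.util.Optional;
import java.util.stream.StreamSupport;

// Hypothetical helper class (not part of the Secret Manager client library).
public class AccessLatestEnabledSecretVersion {

  // Orders versions by creation time (seconds first, then nanos).
  private static final Comparator<SecretVersion> BY_CREATE_TIME =
      Comparator.comparingLong((SecretVersion v) -> v.getCreateTime().getSeconds())
          .thenComparingInt(v -> v.getCreateTime().getNanos());

  // Returns the payload of the newest ENABLED version, or empty if no version is enabled.
  public static Optional<byte[]> accessLatestEnabled(String projectId, String secretId)
      throws IOException {
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
      SecretName secretName = SecretName.of(projectId, secretId);

      // Disabled and destroyed versions are skipped, so a disabled "latest" is never chosen.
      Optional<SecretVersion> newestEnabled =
          StreamSupport.stream(
                  client.listSecretVersions(secretName).iterateAll().spliterator(), false)
              .filter(v -> v.getState() == SecretVersion.State.ENABLED)
              .max(BY_CREATE_TIME);

      if (!newestEnabled.isPresent()) {
        return Optional.empty();
      }
      // getName() is the full resource name: projects/*/secrets/*/versions/N.
      AccessSecretVersionResponse response =
          client.accessSecretVersion(newestEnabled.get().getName());
      return Optional.of(response.getPayload().getData().toByteArray());
    }
  }

  public static void main(String[] args) throws IOException {
    // Placeholder identifiers; replace before running.
    Optional<byte[]> payload = accessLatestEnabled("your-project-id", "your-secret-id");
    // Report only the size: the secret material itself is never printed.
    System.out.println(payload.isPresent()
        ? "Read " + payload.get().length + " bytes from the newest enabled version"
        : "No enabled version found");
  }
}
```

The caller needs the `secretmanager.versions.list` permission in addition to `secretmanager.versions.access`, so an identity that holds only the Secret Accessor role can read "latest" but cannot run this lookup.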
