@google-cloud/secret-manager
Advanced tools
@google-cloud/secret-manager is a Node.js client library for Google Cloud Secret Manager. It allows you to securely store, manage, and access secrets, such as API keys, passwords, certificates, and other sensitive data.
Create a Secret
This feature allows you to create a new secret in Google Cloud Secret Manager. The code sample demonstrates how to create a secret with automatic replication.
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
async function createSecret() {
const [secret] = await client.createSecret({
parent: 'projects/my-project',
secretId: 'my-secret',
secret: {
replication: {
automatic: {},
},
},
});
console.log(`Created secret: ${secret.name}`);
}
createSecret();Add a Secret Version
This feature allows you to add a new version to an existing secret. The code sample demonstrates how to add a new version with a specific payload.
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
async function addSecretVersion() {
const [version] = await client.addSecretVersion({
parent: 'projects/my-project/secrets/my-secret',
payload: {
data: Buffer.from('my-secret-data', 'utf8'),
},
});
console.log(`Added secret version: ${version.name}`);
}
addSecretVersion();Access a Secret Version
This feature allows you to access the payload of a specific version of a secret. The code sample demonstrates how to access the latest version of a secret and print its payload.
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
async function accessSecretVersion() {
const [accessResponse] = await client.accessSecretVersion({
name: 'projects/my-project/secrets/my-secret/versions/latest',
});
const responsePayload = accessResponse.payload.data.toString('utf8');
console.log(`Accessed secret version payload: ${responsePayload}`);
}
accessSecretVersion();Delete a Secret
This feature allows you to delete a secret from Google Cloud Secret Manager. The code sample demonstrates how to delete a specific secret.
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
async function deleteSecret() {
await client.deleteSecret({
name: 'projects/my-project/secrets/my-secret',
});
console.log('Deleted secret');
}
deleteSecret();The aws-sdk package for Node.js provides a comprehensive set of tools for interacting with AWS services, including AWS Secrets Manager. It allows you to store, retrieve, and manage secrets in a similar way to @google-cloud/secret-manager, but within the AWS ecosystem.
The azure-keyvault-secrets package for Node.js allows you to manage secrets in Azure Key Vault. It provides similar functionalities to @google-cloud/secret-manager, such as creating, retrieving, and deleting secrets, but is designed for use with Microsoft Azure.
The vault package for Node.js is a client library for HashiCorp Vault, a tool for securely storing and accessing secrets. It offers similar functionalities to @google-cloud/secret-manager, including secret management and access control, but is designed to work with HashiCorp Vault.
Secrets client for Node.js
Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.
Table of contents:
npm install @google-cloud/secret-manager
// Import the Secret Manager client and instantiate it:
const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
/**
* TODO(developer): Uncomment these variables before running the sample.
*/
// parent = 'projects/my-project', // Project for which to manage secrets.
// secretId = 'foo', // Secret ID.
// payload = 'hello world!' // String source data.
async function createAndAccessSecret() {
// Create the secret with automation replication.
const [secret] = await client.createSecret({
parent: parent,
secret: {
name: secretId,
replication: {
automatic: {},
},
},
secretId,
});
console.info(`Created secret ${secret.name}`);
// Add a version with a payload onto the secret.
const [version] = await client.addSecretVersion({
parent: secret.name,
payload: {
data: Buffer.from(payload, 'utf8'),
},
});
console.info(`Added secret version ${version.name}`);
// Access the secret.
const [accessResponse] = await client.accessSecretVersion({
name: version.name,
});
const responsePayload = accessResponse.payload.data.toString('utf8');
console.info(`Payload: ${responsePayload}`);
}
createAndAccessSecret();
Samples are in the samples/ directory. The samples' README.md
has instructions for running the samples.
| Sample | Source Code | Try it |
|---|---|---|
| Access Secret Version | source code |  |
| Add Secret Version | source code | |
| Create Secret | source code | |
| Delete Secret | source code | |
| Destroy Secret Version | source code | |
| Disable Secret Version | source code | |
| Enable Secret Version | source code | |
| Get Secret | source code | |
| Get Secret Version | source code | |
| List Secret Versions | source code | |
| List Secrets | source code | |
| Quickstart | source code | |
| Update Secret | source code | |
The Secret Manager Node.js Client API Reference documentation also contains samples.
This library follows Semantic Versioning.
This library is considered to be in beta. This means it is expected to be mostly stable while we work toward a general availability release; however, complete stability is not guaranteed. We will address issues and requests against beta libraries with a high priority.
More Information: Google Cloud Platform Launch Stages
Contributions welcome! See the Contributing Guide.
Apache Version 2.0
See LICENSE
FAQs
Secrets client for Node.js
We found that @google-cloud/secret-manager demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Company News
Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.
Security News
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
Research
Security News
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.