@google-cloud/secret-manager
Advanced tools
@google-cloud/secret-manager is a Node.js client library for Google Cloud Secret Manager. It allows you to securely store, manage, and access secrets, such as API keys, passwords, certificates, and other sensitive data.
Create a Secret
This feature allows you to create a new secret in Google Cloud Secret Manager. The code sample demonstrates how to create a secret with automatic replication.
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
async function createSecret() {
const [secret] = await client.createSecret({
parent: 'projects/my-project',
secretId: 'my-secret',
secret: {
replication: {
automatic: {},
},
},
});
console.log(`Created secret: ${secret.name}`);
}
createSecret();Add a Secret Version
This feature allows you to add a new version to an existing secret. The code sample demonstrates how to add a new version with a specific payload.
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
async function addSecretVersion() {
const [version] = await client.addSecretVersion({
parent: 'projects/my-project/secrets/my-secret',
payload: {
data: Buffer.from('my-secret-data', 'utf8'),
},
});
console.log(`Added secret version: ${version.name}`);
}
addSecretVersion();Access a Secret Version
This feature allows you to access the payload of a specific version of a secret. The code sample demonstrates how to access the latest version of a secret and print its payload.
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
async function accessSecretVersion() {
const [accessResponse] = await client.accessSecretVersion({
name: 'projects/my-project/secrets/my-secret/versions/latest',
});
const responsePayload = accessResponse.payload.data.toString('utf8');
console.log(`Accessed secret version payload: ${responsePayload}`);
}
accessSecretVersion();Delete a Secret
This feature allows you to delete a secret from Google Cloud Secret Manager. The code sample demonstrates how to delete a specific secret.
const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
async function deleteSecret() {
await client.deleteSecret({
name: 'projects/my-project/secrets/my-secret',
});
console.log('Deleted secret');
}
deleteSecret();The aws-sdk package for Node.js provides a comprehensive set of tools for interacting with AWS services, including AWS Secrets Manager. It allows you to store, retrieve, and manage secrets in a similar way to @google-cloud/secret-manager, but within the AWS ecosystem.
The azure-keyvault-secrets package for Node.js allows you to manage secrets in Azure Key Vault. It provides similar functionalities to @google-cloud/secret-manager, such as creating, retrieving, and deleting secrets, but is designed for use with Microsoft Azure.
The vault package for Node.js is a client library for HashiCorp Vault, a tool for securely storing and accessing secrets. It offers similar functionalities to @google-cloud/secret-manager, including secret management and access control, but is designed to work with HashiCorp Vault.
Secrets client for Node.js
Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.
Table of contents:
npm install @google-cloud/secret-manager
// Import the Secret Manager client and instantiate it:
const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
const client = new SecretManagerServiceClient();
/**
* TODO(developer): Uncomment these variables before running the sample.
*/
// parent = 'projects/my-project', // Project for which to manage secrets.
// secretId = 'foo', // Secret ID.
// payload = 'hello world!' // String source data.
async function createAndAccessSecret() {
// Create the secret with automation replication.
const [secret] = await client.createSecret({
parent: parent,
secret: {
name: secretId,
replication: {
automatic: {},
},
},
secretId,
});
console.info(`Created secret ${secret.name}`);
// Add a version with a payload onto the secret.
const [version] = await client.addSecretVersion({
parent: secret.name,
payload: {
data: Buffer.from(payload, 'utf8'),
},
});
console.info(`Added secret version ${version.name}`);
// Access the secret.
const [accessResponse] = await client.accessSecretVersion({
name: version.name,
});
const responsePayload = accessResponse.payload.data.toString('utf8');
console.info(`Payload: ${responsePayload}`);
}
createAndAccessSecret();
Samples are in the samples/ directory. The samples' README.md
has instructions for running the samples.
| Sample | Source Code | Try it |
|---|---|---|
| Access Secret Version | source code |  |
| Add Secret Version | source code | |
| Create Secret | source code | |
| Delete Secret | source code | |
| Destroy Secret Version | source code | |
| Disable Secret Version | source code | |
| Enable Secret Version | source code | |
| Get Secret | source code | |
| Get Secret Version | source code | |
| Iam Grant Access | source code | |
| Iam Revoke Access | source code | |
| List Secret Versions | source code | |
| List Secrets | source code | |
| Quickstart | source code | |
| Update Secret | source code | |
The Secret Manager Node.js Client API Reference documentation also contains samples.
Our client libraries follow the Node.js release schedule. Libraries are compatible with all current active and maintenance versions of Node.js.
Client libraries targetting some end-of-life versions of Node.js are available, and
can be installed via npm dist-tags.
The dist-tags follow the naming convention legacy-(version).
Legacy Node.js versions are supported as a best effort:
legacy-8: install client libraries from this dist-tag for versions
compatible with Node.js 8.This library follows Semantic Versioning.
This library is considered to be General Availability (GA). This means it is stable; the code surface will not change in backwards-incompatible ways unless absolutely necessary (e.g. because of critical security issues) or with an extensive deprecation period. Issues and requests against GA libraries are addressed with the highest priority.
More Information: Google Cloud Platform Launch Stages
Contributions welcome! See the Contributing Guide.
Please note that this README.md, the samples/README.md,
and a variety of configuration files in this repository (including .nycrc and tsconfig.json)
are generated from a central template. To edit one of these files, make an edit
to its template in this
directory.
Apache Version 2.0
See LICENSE
FAQs
Secrets client for Node.js
The npm package @google-cloud/secret-manager receives a total of 377,588 weekly downloads. As such, @google-cloud/secret-manager popularity was classified as popular.
We found that @google-cloud/secret-manager demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Company News
Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.
Security News
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
Research
Security News
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.