Secret store secret
Secrets written to a secret store are encrypted in transit and at rest. Secret store entries are write-only and plaintext secret values cannot be retrieved via the API. The plaintext values are only available to Compute services during their request processing. Secret names must be unique within a store.
A secret within a secret store. Learn more about secret stores.
Data model
client_key | string | The Base64-encoded string containing the client key used to encrypt the secret, if applicable. | |
name | string | A human-readable name for the secret. The value must contain only letters, numbers, dashes (- ), underscores (_ ), and periods (. ). | |
secret | string | A Base64-encoded string containing either the secret or the encrypted secret (when using client_key). The maximum secret size (before Base64 encoding and optional local encryption) is 64KB. | |
created_at | string | Date and time in ISO 8601 format. Read-only. | |
digest | string | An opaque identifier of the plaintext secret value. This can be used to determine if a secret value has changed. Read-only. | |
recreated | boolean | True if the secret replaced a secret with the same name. |