Google Cloud v9.3.0 published on Tuesday, Oct 7, 2025 by Pulumi
gcp.secretmanager.getSecrets
Use this data source to list the Secret Manager Secrets
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const secrets = gcp.secretmanager.getSecrets({});
import pulumi
import pulumi_gcp as gcp
secrets = gcp.secretmanager.get_secrets()
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/secretmanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := secretmanager.GetSecrets(ctx, &secretmanager.GetSecretsArgs{}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var secrets = Gcp.SecretManager.GetSecrets.Invoke();
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.secretmanager.SecretmanagerFunctions;
import com.pulumi.gcp.secretmanager.inputs.GetSecretsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var secrets = SecretmanagerFunctions.getSecrets(GetSecretsArgs.builder()
.build());
}
}
variables:
secrets:
fn::invoke:
function: gcp:secretmanager:getSecrets
arguments: {}
Using getSecrets
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecrets(args: GetSecretsArgs, opts?: InvokeOptions): Promise<GetSecretsResult>
function getSecretsOutput(args: GetSecretsOutputArgs, opts?: InvokeOptions): Output<GetSecretsResult>def get_secrets(filter: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecretsResult
def get_secrets_output(filter: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecretsResult]func GetSecrets(ctx *Context, args *GetSecretsArgs, opts ...InvokeOption) (*GetSecretsResult, error)
func GetSecretsOutput(ctx *Context, args *GetSecretsOutputArgs, opts ...InvokeOption) GetSecretsResultOutput> Note: This function is named GetSecrets in the Go SDK.
public static class GetSecrets
{
public static Task<GetSecretsResult> InvokeAsync(GetSecretsArgs args, InvokeOptions? opts = null)
public static Output<GetSecretsResult> Invoke(GetSecretsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecretsResult> getSecrets(GetSecretsArgs args, InvokeOptions options)
public static Output<GetSecretsResult> getSecrets(GetSecretsArgs args, InvokeOptions options)
fn::invoke:
function: gcp:secretmanager/getSecrets:getSecrets
arguments:
# arguments dictionaryThe following arguments are supported:
- Filter string
- Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.
- Project string
- The ID of the project.
- Filter string
- Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.
- Project string
- The ID of the project.
- filter String
- Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.
- project String
- The ID of the project.
- filter string
- Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.
- project string
- The ID of the project.
- filter str
- Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.
- project str
- The ID of the project.
- filter String
- Filter string, adhering to the rules in List-operation filtering. List only secrets matching the filter. If filter is empty, all secrets are listed.
- project String
- The ID of the project.
getSecrets Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Project string
- The ID of the project in which the resource belongs.
- Secrets
List<Get
Secrets Secret> - A list of secrets matching the filter. Structure is defined below.
- Filter string
- Id string
- The provider-assigned unique ID for this managed resource.
- Project string
- The ID of the project in which the resource belongs.
- Secrets
[]Get
Secrets Secret - A list of secrets matching the filter. Structure is defined below.
- Filter string
- id String
- The provider-assigned unique ID for this managed resource.
- project String
- The ID of the project in which the resource belongs.
- secrets
List<Get
Secrets Secret> - A list of secrets matching the filter. Structure is defined below.
- filter String
- id string
- The provider-assigned unique ID for this managed resource.
- project string
- The ID of the project in which the resource belongs.
- secrets
Get
Secrets Secret[] - A list of secrets matching the filter. Structure is defined below.
- filter string
- id str
- The provider-assigned unique ID for this managed resource.
- project str
- The ID of the project in which the resource belongs.
- secrets
Sequence[Get
Secrets Secret] - A list of secrets matching the filter. Structure is defined below.
- filter str
- id String
- The provider-assigned unique ID for this managed resource.
- project String
- The ID of the project in which the resource belongs.
- secrets List<Property Map>
- A list of secrets matching the filter. Structure is defined below.
- filter String
Supporting Types
GetSecretsSecret
- Annotations Dictionary<string, string>
- Custom metadata about the secret.
- Create
Time string - The time at which the Secret was created.
- Deletion
Protection bool - Effective
Annotations Dictionary<string, string> - Effective
Labels Dictionary<string, string> - Expire
Time string - Timestamp in UTC when the Secret is scheduled to expire.
- Labels Dictionary<string, string>
- The labels assigned to this Secret.
- Name string
- The resource name of the Pub/Sub topic that will be published to.
- Project string
- The ID of the project.
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Replications
List<Get
Secrets Secret Replication> - The replication policy of the secret data attached to the Secret. Structure is documented below.
- Rotations
List<Get
Secrets Secret Rotation> - The rotation time and period for a Secret. Structure is documented below.
- Secret
Id string - This must be unique within the project.
- Dictionary<string, string>
- A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}.
- Topics
List<Get
Secrets Secret Topic> - A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. Structure is documented below.
- Ttl string
- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Only one of 'ttl' or 'expire_time' can be provided.
- Version
Aliases Dictionary<string, string> - Mapping from version alias to version name.
- Version
Destroy stringTtl - The version destroy ttl for the secret version.
- Annotations map[string]string
- Custom metadata about the secret.
- Create
Time string - The time at which the Secret was created.
- Deletion
Protection bool - Effective
Annotations map[string]string - Effective
Labels map[string]string - Expire
Time string - Timestamp in UTC when the Secret is scheduled to expire.
- Labels map[string]string
- The labels assigned to this Secret.
- Name string
- The resource name of the Pub/Sub topic that will be published to.
- Project string
- The ID of the project.
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Replications
[]Get
Secrets Secret Replication - The replication policy of the secret data attached to the Secret. Structure is documented below.
- Rotations
[]Get
Secrets Secret Rotation - The rotation time and period for a Secret. Structure is documented below.
- Secret
Id string - This must be unique within the project.
- map[string]string
- A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}.
- Topics
[]Get
Secrets Secret Topic - A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. Structure is documented below.
- Ttl string
- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Only one of 'ttl' or 'expire_time' can be provided.
- Version
Aliases map[string]string - Mapping from version alias to version name.
- Version
Destroy stringTtl - The version destroy ttl for the secret version.
- annotations Map<String,String>
- Custom metadata about the secret.
- create
Time String - The time at which the Secret was created.
- deletion
Protection Boolean - effective
Annotations Map<String,String> - effective
Labels Map<String,String> - expire
Time String - Timestamp in UTC when the Secret is scheduled to expire.
- labels Map<String,String>
- The labels assigned to this Secret.
- name String
- The resource name of the Pub/Sub topic that will be published to.
- project String
- The ID of the project.
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- replications
List<Get
Secrets Secret Replication> - The replication policy of the secret data attached to the Secret. Structure is documented below.
- rotations
List<Get
Secrets Secret Rotation> - The rotation time and period for a Secret. Structure is documented below.
- secret
Id String - This must be unique within the project.
- Map<String,String>
- A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}.
- topics
List<Get
Secrets Secret Topic> - A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. Structure is documented below.
- ttl String
- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Only one of 'ttl' or 'expire_time' can be provided.
- version
Aliases Map<String,String> - Mapping from version alias to version name.
- version
Destroy StringTtl - The version destroy ttl for the secret version.
- annotations {[key: string]: string}
- Custom metadata about the secret.
- create
Time string - The time at which the Secret was created.
- deletion
Protection boolean - effective
Annotations {[key: string]: string} - effective
Labels {[key: string]: string} - expire
Time string - Timestamp in UTC when the Secret is scheduled to expire.
- labels {[key: string]: string}
- The labels assigned to this Secret.
- name string
- The resource name of the Pub/Sub topic that will be published to.
- project string
- The ID of the project.
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- replications
Get
Secrets Secret Replication[] - The replication policy of the secret data attached to the Secret. Structure is documented below.
- rotations
Get
Secrets Secret Rotation[] - The rotation time and period for a Secret. Structure is documented below.
- secret
Id string - This must be unique within the project.
- {[key: string]: string}
- A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}.
- topics
Get
Secrets Secret Topic[] - A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. Structure is documented below.
- ttl string
- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Only one of 'ttl' or 'expire_time' can be provided.
- version
Aliases {[key: string]: string} - Mapping from version alias to version name.
- version
Destroy stringTtl - The version destroy ttl for the secret version.
- annotations Mapping[str, str]
- Custom metadata about the secret.
- create_
time str - The time at which the Secret was created.
- deletion_
protection bool - effective_
annotations Mapping[str, str] - effective_
labels Mapping[str, str] - expire_
time str - Timestamp in UTC when the Secret is scheduled to expire.
- labels Mapping[str, str]
- The labels assigned to this Secret.
- name str
- The resource name of the Pub/Sub topic that will be published to.
- project str
- The ID of the project.
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- replications
Sequence[Get
Secrets Secret Replication] - The replication policy of the secret data attached to the Secret. Structure is documented below.
- rotations
Sequence[Get
Secrets Secret Rotation] - The rotation time and period for a Secret. Structure is documented below.
- secret_
id str - This must be unique within the project.
- Mapping[str, str]
- A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}.
- topics
Sequence[Get
Secrets Secret Topic] - A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. Structure is documented below.
- ttl str
- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Only one of 'ttl' or 'expire_time' can be provided.
- version_
aliases Mapping[str, str] - Mapping from version alias to version name.
- version_
destroy_ strttl - The version destroy ttl for the secret version.
- annotations Map<String>
- Custom metadata about the secret.
- create
Time String - The time at which the Secret was created.
- deletion
Protection Boolean - effective
Annotations Map<String> - effective
Labels Map<String> - expire
Time String - Timestamp in UTC when the Secret is scheduled to expire.
- labels Map<String>
- The labels assigned to this Secret.
- name String
- The resource name of the Pub/Sub topic that will be published to.
- project String
- The ID of the project.
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- replications List<Property Map>
- The replication policy of the secret data attached to the Secret. Structure is documented below.
- rotations List<Property Map>
- The rotation time and period for a Secret. Structure is documented below.
- secret
Id String - This must be unique within the project.
- Map<String>
- A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/{tag_value_id}.
- topics List<Property Map>
- A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. Structure is documented below.
- ttl String
- The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Only one of 'ttl' or 'expire_time' can be provided.
- version
Aliases Map<String> - Mapping from version alias to version name.
- version
Destroy StringTtl - The version destroy ttl for the secret version.
GetSecretsSecretReplication
- Autos
List<Get
Secrets Secret Replication Auto> - The Secret will automatically be replicated without any restrictions. Structure is documented below.
- User
Manageds List<GetSecrets Secret Replication User Managed> - The Secret will be replicated to the regions specified by the user. Structure is documented below.
- Autos
[]Get
Secrets Secret Replication Auto - The Secret will automatically be replicated without any restrictions. Structure is documented below.
- User
Manageds []GetSecrets Secret Replication User Managed - The Secret will be replicated to the regions specified by the user. Structure is documented below.
- autos
List<Get
Secrets Secret Replication Auto> - The Secret will automatically be replicated without any restrictions. Structure is documented below.
- user
Manageds List<GetSecrets Secret Replication User Managed> - The Secret will be replicated to the regions specified by the user. Structure is documented below.
- autos
Get
Secrets Secret Replication Auto[] - The Secret will automatically be replicated without any restrictions. Structure is documented below.
- user
Manageds GetSecrets Secret Replication User Managed[] - The Secret will be replicated to the regions specified by the user. Structure is documented below.
- autos
Sequence[Get
Secrets Secret Replication Auto] - The Secret will automatically be replicated without any restrictions. Structure is documented below.
- user_
manageds Sequence[GetSecrets Secret Replication User Managed] - The Secret will be replicated to the regions specified by the user. Structure is documented below.
- autos List<Property Map>
- The Secret will automatically be replicated without any restrictions. Structure is documented below.
- user
Manageds List<Property Map> - The Secret will be replicated to the regions specified by the user. Structure is documented below.
GetSecretsSecretReplicationAuto
- Customer
Managed List<GetEncryptions Secrets Secret Replication Auto Customer Managed Encryption> - Customer Managed Encryption for the secret. Structure is documented below.
- Customer
Managed []GetEncryptions Secrets Secret Replication Auto Customer Managed Encryption - Customer Managed Encryption for the secret. Structure is documented below.
- customer
Managed List<GetEncryptions Secrets Secret Replication Auto Customer Managed Encryption> - Customer Managed Encryption for the secret. Structure is documented below.
- customer
Managed GetEncryptions Secrets Secret Replication Auto Customer Managed Encryption[] - Customer Managed Encryption for the secret. Structure is documented below.
- customer_
managed_ Sequence[Getencryptions Secrets Secret Replication Auto Customer Managed Encryption] - Customer Managed Encryption for the secret. Structure is documented below.
- customer
Managed List<Property Map>Encryptions - Customer Managed Encryption for the secret. Structure is documented below.
GetSecretsSecretReplicationAutoCustomerManagedEncryption
- Kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- Kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key StringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms_
key_ strname - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key StringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
GetSecretsSecretReplicationUserManaged
- Replicas
List<Get
Secrets Secret Replication User Managed Replica> - The list of Replicas for this Secret. Structure is documented below.
- Replicas
[]Get
Secrets Secret Replication User Managed Replica - The list of Replicas for this Secret. Structure is documented below.
- replicas
List<Get
Secrets Secret Replication User Managed Replica> - The list of Replicas for this Secret. Structure is documented below.
- replicas
Get
Secrets Secret Replication User Managed Replica[] - The list of Replicas for this Secret. Structure is documented below.
- replicas
Sequence[Get
Secrets Secret Replication User Managed Replica] - The list of Replicas for this Secret. Structure is documented below.
- replicas List<Property Map>
- The list of Replicas for this Secret. Structure is documented below.
GetSecretsSecretReplicationUserManagedReplica
- Customer
Managed List<GetEncryptions Secrets Secret Replication User Managed Replica Customer Managed Encryption> - Customer Managed Encryption for the secret. Structure is documented below.
- Location string
- The canonical IDs of the location to replicate data.
- Customer
Managed []GetEncryptions Secrets Secret Replication User Managed Replica Customer Managed Encryption - Customer Managed Encryption for the secret. Structure is documented below.
- Location string
- The canonical IDs of the location to replicate data.
- customer
Managed List<GetEncryptions Secrets Secret Replication User Managed Replica Customer Managed Encryption> - Customer Managed Encryption for the secret. Structure is documented below.
- location String
- The canonical IDs of the location to replicate data.
- customer
Managed GetEncryptions Secrets Secret Replication User Managed Replica Customer Managed Encryption[] - Customer Managed Encryption for the secret. Structure is documented below.
- location string
- The canonical IDs of the location to replicate data.
- customer_
managed_ Sequence[Getencryptions Secrets Secret Replication User Managed Replica Customer Managed Encryption] - Customer Managed Encryption for the secret. Structure is documented below.
- location str
- The canonical IDs of the location to replicate data.
- customer
Managed List<Property Map>Encryptions - Customer Managed Encryption for the secret. Structure is documented below.
- location String
- The canonical IDs of the location to replicate data.
GetSecretsSecretReplicationUserManagedReplicaCustomerManagedEncryption
- Kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- Kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key StringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key stringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms_
key_ strname - Describes the Cloud KMS encryption key that will be used to protect destination secret.
- kms
Key StringName - Describes the Cloud KMS encryption key that will be used to protect destination secret.
GetSecretsSecretRotation
- Next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate.
- Rotation
Period string - The Duration between rotation notifications.
- Next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate.
- Rotation
Period string - The Duration between rotation notifications.
- next
Rotation StringTime - Timestamp in UTC at which the Secret is scheduled to rotate.
- rotation
Period String - The Duration between rotation notifications.
- next
Rotation stringTime - Timestamp in UTC at which the Secret is scheduled to rotate.
- rotation
Period string - The Duration between rotation notifications.
- next_
rotation_ strtime - Timestamp in UTC at which the Secret is scheduled to rotate.
- rotation_
period str - The Duration between rotation notifications.
- next
Rotation StringTime - Timestamp in UTC at which the Secret is scheduled to rotate.
- rotation
Period String - The Duration between rotation notifications.
GetSecretsSecretTopic
- Name string
- The resource name of the Pub/Sub topic that will be published to.
- Name string
- The resource name of the Pub/Sub topic that will be published to.
- name String
- The resource name of the Pub/Sub topic that will be published to.
- name string
- The resource name of the Pub/Sub topic that will be published to.
- name str
- The resource name of the Pub/Sub topic that will be published to.
- name String
- The resource name of the Pub/Sub topic that will be published to.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
