Skip to main content
← back to extensions

@swamp/gcp/secretmanager

v2026.04.23.1

Google Cloud secretmanager infrastructure models

Repository

https://github.com/systeminit/swamp-extensions

Platforms

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

Labels

gcpgoogle-cloudsecretmanagercloudinfrastructure

Contents

models

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

100%

Grade A

  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types1/1earned
  • Has description1/1earned
  • At least one platform tag (or universal)1/1earned
  • Two or more platform tags (or universal)1/1earned
  • License declared1/1earned
  • Verified public repository2/2earned

Install

$ swamp extension pull @swamp/gcp/secretmanager

@swamp/gcp/secretmanager/locationsv2026.04.23.1locations.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
getGet a locations
ArgumentTypeDescription
identifierstringThe name of the locations
syncSync locations state from GCP

Resources

state(infinite)— A resource that represents a Google Cloud location.
@swamp/gcp/secretmanager/secretsv2026.04.23.1secrets.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
annotations?recordOptional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys an
customerManagedEncryption?objectConfiguration for encrypting secret payloads using customer-managed encryption keys (CMEK).
expireTime?stringOptional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
labels?recordThe labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\\p{Ll}\\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.
replication?objectA policy that defines the replication and encryption configuration of data.
rotation?objectThe rotation time and period for a Secret. At next_rotation_time, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. Secret.topics must be set to configure rotation.
tags?recordOptional. Input only. Immutable. Mapping of Tag keys/values directly bound to this resource. For example: "123/environment": "production", "123/costCenter": "marketing" Tags are used to organize and group resources. Tags can be used to control policy evaluation for the resource.
topics?arrayOptional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
ttl?stringInput only. The TTL for the Secret.
versionAliases?recordOptional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. Access by alias is only be supported o
versionDestroyTtl?stringOptional. Secret Version TTL after destruction request This is a part of the Delayed secret version destroy feature. For secret with TTL>0, version destruction doesn't happen immediately on calling destroy instead the version goes to a disabled state and destruction happens after the TTL expires.
secretId?stringRequired. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
createCreate a secrets
getGet a secrets
ArgumentTypeDescription
identifierstringThe name of the secrets
updateUpdate secrets attributes
deleteDelete the secrets
ArgumentTypeDescription
identifierstringThe name of the secrets
syncSync secrets state from GCP
add_versionadd version
ArgumentTypeDescription
payload?any

Resources

state(infinite)— A Secret is a logical secret whose value and versions can be accessed. A Secr...
@swamp/gcp/secretmanager/secrets-versionsv2026.04.23.1secrets_versions.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
location?stringThe location for this resource (e.g., 'us', 'us-central1', 'europe-west1')
getGet a versions
ArgumentTypeDescription
identifierstringThe name of the versions
syncSync versions state from GCP
accessaccess
destroydestroy
ArgumentTypeDescription
etag?any
disabledisable
ArgumentTypeDescription
etag?any
enableenable
ArgumentTypeDescription
etag?any

Resources

state(infinite)— A secret version resource in the Secret Manager API.