Console
    Start free

    gcloud beta secrets create

    NAME
    gcloud beta secrets create - create a new secret
    SYNOPSIS
    gcloud beta secrets create SECRET [ --data-file = PATH ] [ --labels =[ KEY = VALUE , …]] [ --location = LOCATION ] [ --regional-kms-key-name = KMS-KEY-NAME ] [ --set-annotations =[ KEY = VALUE , …]] [ --tags =[ KEY = VALUE , …]] [ --topics =[ TOPICS , …]] [ --version-destroy-ttl = VERSION-DESTROY-TTL ] [ --expire-time = EXPIRE-TIME     | --ttl = TTL ] [ --next-rotation-time = NEXT_ROTATION_TIME --rotation-period = ROTATION_PERIOD ] [ --replication-policy-file = REPLICATION-POLICY-FILE     | --kms-key-name = KMS-KEY-NAME --locations =[ LOCATION , …] --replication-policy = POLICY ] [ GCLOUD_WIDE_FLAG ]
    DESCRIPTION
    (BETA) Create a secret with the given name and creates a secret version with the given data, if any. Note, the created secret ends with a newline. If a secret already exists with the given name, this command will return an error.
    EXAMPLES
    Create a secret with an automatic replication policy without creating any versions: 
     gcloud  
beta  
secrets  
create  
my-secret

    Create a new secret named 'my-secret' with an automatic replication policy and data from a file:

     gcloud  
beta  
secrets  
create  
my-secret  
 --data-file 
 = 
/tmp/secret

    Create a new secret named 'my-secret' in 'us-central1' with data from a file:

     gcloud  
beta  
secrets  
create  
my-secret  
 --data-file 
 = 
/tmp/secret  
 --replication-policy 
 = 
user-managed  
 --locations 
 = 
us-central1

    Create a new secret named 'my-secret' in 'us-central1' and 'us-east1' with the value "s3cr3t":

      printf 
  
 "s3cr3t" 
  
 | 
  
gcloud  
beta  
secrets  
create  
my-secret  
 --data-file 
 = 
-  
 --replication-policy 
 = 
user-managed  
 --locations 
 = 
us-central1,us-east1

    Create a new secret named 'my-secret' in 'us-central1' and 'us-east1' with the value "s3cr3t" in PowerShell (Note: PowerShell will add a newline to the resulting secret):

     Write-Output  
 "s3cr3t" 
  
 | 
  
gcloud  
beta  
secrets  
create  
my-secret  
 --data-file 
 = 
-  
 --replication-policy 
 = 
user-managed  
 --locations 
 = 
us-central1,us-east1

    Create an expiring secret with an automatic replication policy using a ttl:

     gcloud  
beta  
secrets  
create  
my-secret  
 --ttl 
 = 
 "600s"

    Create an expiring secret with an automatic replication policy using an expire-time:

     gcloud  
beta  
secrets  
create  
my-secret  
 --expire-time 
 = 
 "2030-01-01T08:15:30-05:00"

    Create a secret with an automatic replication policy and a next rotation time:

     gcloud  
beta  
secrets  
create  
my-secret  
 --next-rotation-time 
 = 
 "2030-01-01T15:30:00-05:00"

    Create a secret with an automatic replication policy and a rotation period:

     gcloud  
beta  
secrets  
create  
my-secret  
 --next-rotation-time 
 = 
 "2030-01-01T15:30:00-05:00" 
  
 --rotation-period 
 = 
 "7200s"

    Create a secret with delayed secret version destroy enabled:

     gcloud  
beta  
secrets  
create  
my-secret  
 --version-destroy-ttl 
 = 
 "86400s"
    POSITIONAL ARGUMENTS
    Secret resource - The secret to create. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

    To set the project attribute:

    • provide the argument SECRET on the command line with a fully specified name;
    • provide the argument --project on the command line;
    • set the property core/project .

    This must be specified.

    SECRET
    ID of the secret or fully qualified identifier for the secret.

    To set the secret attribute:

    • provide the argument SECRET on the command line.
    FLAGS
    --data-file = PATH
    File path from which to read secret data. Set this to "-" to read the secret data from stdin.
    --labels =[ KEY = VALUE ,…]
    List of label KEY=VALUE pairs to add.

    Keys must start with a lowercase character and contain only hyphens ( - ), underscores ( _ ), lowercase characters, and numbers. Values must contain only hyphens ( - ), underscores ( _ ), lowercase characters, and numbers.

    Location resource - The location to create secret. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

    To set the project attribute:

    • provide the argument --location on the command line with a fully specified name;
    • provide the argument --project on the command line;
    • set the property core/project .
    --location = LOCATION
    ID of the location or fully qualified identifier for the location.

    To set the location attribute:

    • provide the argument --location on the command line.
    --regional-kms-key-name = KMS-KEY-NAME
    Regional KMS key with which to encrypt and decrypt the secret. Only valid for regional secrets.
    Annotations
    --set-annotations =[ KEY = VALUE ,…]
    List of key-value pairs to set as Annotations. All existing Annotations will be removed first.
    --tags =[ KEY = VALUE ,…]
    List of tags KEY=VALUE pairs to bind. Each item must be expressed as <tag-key-namespaced-name>=<tag-value-short-name> .

    Example: 123/environment=production,123/costCenter=marketing

    --topics =[ TOPICS ,…]
    List of Pub/Sub topics to configure on the secret.
    --version-destroy-ttl = VERSION-DESTROY-TTL
    Secret Version Time To Live (TTL) after destruction request. For secret with TTL>0, version destruction does not happen immediately on calling destroy; instead, the version goes to a disabled state and destruction happens after the TTL expires. See $ gcloud topic datetimes for information on duration formats.
    Expiration.

    At most one of these can be specified:

    --expire-time = EXPIRE-TIME
    Timestamp at which to automatically delete the secret.
    --ttl = TTL
    Duration of time (in seconds) from the running of the command until the secret is automatically deleted.
    Rotation.
    --next-rotation-time = NEXT_ROTATION_TIME
    Timestamp at which to send rotation notification.
    --rotation-period = ROTATION_PERIOD
    Duration of time (in seconds) between rotation notifications.
    Replication policy.

    At most one of these can be specified:

    --replication-policy-file = REPLICATION-POLICY-FILE
    JSON or YAML file to use to read the replication policy. The file must conform to https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets#replication.Set this to "-" to read from stdin.
    Or at least one of these can be specified:
    Inline replication arguments.
    --kms-key-name = KMS-KEY-NAME
    Global KMS key with which to encrypt and decrypt the secret. Only valid for secrets with an automatic replication policy.
    --locations =[ LOCATION ,…]
    Comma-separated list of locations in which the secret should be replicated.
    --replication-policy = POLICY
    The type of replication policy to apply to this secret. Allowed values are "automatic" and "user-managed". If user-managed then --locations must also be provided.
    GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file , --account , --billing-project , --configuration , --flags-file , --flatten , --format , --help , --impersonate-service-account , --log-http , --project , --quiet , --trace-token , --user-output-enabled , --verbosity .

    Run $ gcloud help for details.

    NOTES
    This command is currently in beta and might change without notice. This variant is also available: 
      gcloud  
secrets  
create
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: