- NAME
-
- gcloud secrets set-iam-policy - set the IAM policy binding for a secret
- SYNOPSIS
-
-
gcloud secrets set-iam-policySECRETPOLICY_FILE[--location=LOCATION] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- Sets the IAM policy for the given secret as defined in a JSON or YAML file.
See https://cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.
- EXAMPLES
- The following command will read an IAM policy defined in a JSON file
'policy.json' and set it for the secret 'my-secret':
gcloud secrets set-iam-policy my-secret policy.json - POSITIONAL ARGUMENTS
-
- Secret resource - Name of the secret for which to set the IAM policy. This
represents a Cloud resource. (NOTE) Some attributes are not given arguments in
this group but can be set in other ways.
To set the
projectattribute:- provide the argument
SECRETon the command line with a fully specified name; - provide the argument
--projecton the command line; - set the property
core/project.
This must be specified.
-
SECRET - ID of the secret or fully qualified identifier for the secret.
To set the
secretattribute:- provide the argument
SECRETon the command line.
- provide the argument
- provide the argument
-
POLICY_FILE - Path to a local JSON or YAML formatted file containing a valid policy.
The output of the
get-iam-policycommand is a valid file, as is any JSON or YAML file conforming to the structure of a Policy .
- Secret resource - Name of the secret for which to set the IAM policy. This
represents a Cloud resource. (NOTE) Some attributes are not given arguments in
this group but can be set in other ways.
- FLAGS
-
- Location resource - The location to set iam policy. This represents a Cloud
resource. (NOTE) Some attributes are not given arguments in this group but can
be set in other ways.
To set the
projectattribute:- provide the argument
--locationon the command line with a fully specified name; - provide the argument
--projecton the command line; - set the property
core/project.
- provide the argument
-
--location=LOCATION - ID of the location or fully qualified identifier for the location.
To set the
locationattribute:- provide the argument
--locationon the command line.
- provide the argument
- Location resource - The location to set iam policy. This represents a Cloud
resource. (NOTE) Some attributes are not given arguments in this group but can
be set in other ways.
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
- This variant is also available:
gcloud beta secrets set-iam-policy
gcloud secrets set-iam-policy
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
