Console
    Contact Us Start free

    Enable a disabled secret version

    This page describes how to enable a disabled secret version so that you can access the version and the secret data that it contains.

    Required roles

    To get the permissions that you need to enable a disabled secret version, ask your administrator to grant you the Secret Manager Secret Version Manager ( roles/secretmanager.secretVersionManager ) IAM role on a secret. For more information about granting roles, see Manage access to projects, folders, and organizations .

    You might also be able to get the required permissions through custom roles or other predefined roles .

    Enable a disabled secret version

    To enable a disabled secret version, use one of the following methods:

    Console

    1. In the Google Cloud console, go to the Secret Manager page.

      Go to Secret Manager

    2. On the Secret Manager page, click a secret to access its versions.

    3. On the secret details page, in the Versions tab, select the disabled secret version that you want to enable.

    4. Click Actions , and then click Enable .

    5. In the confirmation dialog that appears, click Enable selected versions .

    gcloud

    Before using any of the command data below, make the following replacements:

    • VERSION_ID : the ID of the secret version
    • SECRET_ID : the ID of the secret

    Execute the following command:

    Linux, macOS, or Cloud Shell

    gcloud  
secrets  
versions  
 enable 
  
 VERSION_ID 
  
--secret = 
 SECRET_ID

    Windows (PowerShell)

    gcloud  
secrets  
versions  
 enable 
  
 VERSION_ID 
  
--secret = 
 SECRET_ID

    Windows (cmd.exe)

    gcloud  
secrets  
versions  
 enable 
  
 VERSION_ID 
  
--secret = 
 SECRET_ID

    REST

    Before using any of the request data, make the following replacements:

    • PROJECT_ID : the Google Cloud project ID
    • SECRET_ID : the ID of the secret
    • VERSION_ID : the ID of the secret version

    HTTP method and URL:

    POST https://secretmanager.googleapis.com/v1/projects/ PROJECT_ID 
/secrets/ SECRET_ID 
/versions/ VERSION_ID 
:enable

    Request JSON body:

    {}

    To send your request, choose one of these options:

    curl

    Save the request body in a file named request.json , and execute the following command:

    curl -X POST \
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    -d @request.json \
    "https://secretmanager.googleapis.com/v1/projects/ PROJECT_ID 
/secrets/ SECRET_ID 
/versions/ VERSION_ID 
:enable"

    PowerShell

    Save the request body in a file named request.json , and execute the following command:

    $cred = gcloud auth print-access-token
    $headers = @{ "Authorization" = "Bearer $cred" }

    Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://secretmanager.googleapis.com/v1/projects/ PROJECT_ID 
/secrets/ SECRET_ID 
/versions/ VERSION_ID 
:enable" | Select-Object -Expand Content

    You should receive a JSON response similar to the following:

    {
  "name": "projects/ PROJECT_ID 
/locations/ LOCATION 
/secrets/ SECRET_ID 
/versions/ VERSION_ID 
",
  "createTime": "2024-09-02T07:16:34.566706Z",
  "state": "ENABLED",
  "etag": "\"16214547e7583e\""
}

    C#

    To run this code, first set up a C# development environment and install the Secret Manager C# SDK . On Compute Engine or GKE, you must authenticate with the cloud-platform scope .

      using 
  
  Google.Cloud.SecretManager.V1 
 
 ; 
 public 
  
 class 
  
 EnableSecretVersionSample 
 { 
  
 public 
  
 SecretVersion 
  
 EnableSecretVersion 
 ( 
  
 string 
  
 projectId 
  
 = 
  
 "my-project" 
 , 
  
 string 
  
 secretId 
  
 = 
  
 "my-secret" 
 , 
  
 string 
  
 secretVersionId 
  
 = 
  
 "123" 
 ) 
  
 { 
  
 // Create the client. 
  
  SecretManagerServiceClient 
 
  
 client 
  
 = 
  
  SecretManagerServiceClient 
 
 . 
  Create 
 
 (); 
  
 // Build the resource name. 
  
  SecretVersionName 
 
  
 secretVersionName 
  
 = 
  
 new 
  
  SecretVersionName 
 
 ( 
 projectId 
 , 
  
 secretId 
 , 
  
 secretVersionId 
 ); 
  
 // Call the API. 
  
  SecretVersion 
 
  
 version 
  
 = 
  
 client 
 . 
  EnableSecretVersion 
 
 ( 
 secretVersionName 
 ); 
  
 return 
  
 version 
 ; 
  
 } 
 }

    Go

    To run this code, first set up a Go development environment and install the Secret Manager Go SDK . On Compute Engine or GKE, you must authenticate with the cloud-platform scope .

      import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 secretmanager 
  
 "cloud.google.com/go/secretmanager/apiv1" 
  
 "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb" 
 ) 
 // enableSecretVersion enables the given secret version, enabling it to be 
 // accessed after previously being disabled. Other secrets versions are 
 // unaffected. 
 func 
  
 enableSecretVersion 
 ( 
 name 
  
 string 
 ) 
  
 error 
  
 { 
  
 // name := "projects/my-project/secrets/my-secret/versions/5" 
  
 // Create the client. 
  
 ctx 
  
 := 
  
 context 
 . 
 Background 
 () 
  
 client 
 , 
  
 err 
  
 := 
  
 secretmanager 
 . 
  NewClient 
 
 ( 
 ctx 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "failed to create secretmanager client: %w" 
 , 
  
 err 
 ) 
  
 } 
  
 defer 
  
 client 
 . 
  Close 
 
 () 
  
 // Build the request. 
  
 req 
  
 := 
  
& secretmanagerpb 
 . 
 EnableSecretVersionRequest 
 { 
  
 Name 
 : 
  
 name 
 , 
  
 } 
  
 // Call the API. 
  
 if 
  
 _ 
 , 
  
 err 
  
 := 
  
 client 
 . 
 EnableSecretVersion 
 ( 
 ctx 
 , 
  
 req 
 ); 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "failed to enable secret version: %w" 
 , 
  
 err 
 ) 
  
 } 
  
 return 
  
 nil 
 }

    Java

    To run this code, first set up a Java development environment and install the Secret Manager Java SDK . On Compute Engine or GKE, you must authenticate with the cloud-platform scope .

      import 
  
 com.google.cloud.secretmanager.v1. SecretManagerServiceClient 
 
 ; 
 import 
  
 com.google.cloud.secretmanager.v1. SecretVersion 
 
 ; 
 import 
  
 com.google.cloud.secretmanager.v1. SecretVersionName 
 
 ; 
 import 
  
 java.io.IOException 
 ; 
 public 
  
 class 
 EnableSecretVersion 
  
 { 
  
 public 
  
 static 
  
 void 
  
 enableSecretVersion 
 () 
  
 throws 
  
 IOException 
  
 { 
  
 // TODO(developer): Replace these variables before running the sample. 
  
 String 
  
 projectId 
  
 = 
  
 "your-project-id" 
 ; 
  
 String 
  
 secretId 
  
 = 
  
 "your-secret-id" 
 ; 
  
 String 
  
 versionId 
  
 = 
  
 "your-version-id" 
 ; 
  
 enableSecretVersion 
 ( 
 projectId 
 , 
  
 secretId 
 , 
  
 versionId 
 ); 
  
 } 
  
 // Enable an existing secret version. 
  
 public 
  
 static 
  
 void 
  
 enableSecretVersion 
 ( 
 String 
  
 projectId 
 , 
  
 String 
  
 secretId 
 , 
  
 String 
  
 versionId 
 ) 
  
 throws 
  
 IOException 
  
 { 
  
 // Initialize client that will be used to send requests. This client only needs to be created 
  
 // once, and can be reused for multiple requests. After completing all of your requests, call 
  
 // the "close" method on the client to safely clean up any remaining background resources. 
  
 try 
  
 ( 
  SecretManagerServiceClient 
 
  
 client 
  
 = 
  
  SecretManagerServiceClient 
 
 . 
 create 
 ()) 
  
 { 
  
 // Build the name from the version. 
  
  SecretVersionName 
 
  
 secretVersionName 
  
 = 
  
  SecretVersionName 
 
 . 
 of 
 ( 
 projectId 
 , 
  
 secretId 
 , 
  
 versionId 
 ); 
  
 // Enable the secret version. 
  
  SecretVersion 
 
  
 version 
  
 = 
  
 client 
 . 
 enableSecretVersion 
 ( 
 secretVersionName 
 ); 
  
 System 
 . 
 out 
 . 
 printf 
 ( 
 "Enabled secret version %s\n" 
 , 
  
 version 
 . 
  getName 
 
 ()); 
  
 } 
  
 } 
 }

    Node.js

    To run this code, first set up a Node.js development environment and install the Secret Manager Node.js SDK . On Compute Engine or GKE, you must authenticate with the cloud-platform scope .

      /** 
 * TODO(developer): Uncomment these variables before running the sample. 
 */ 
 // const name = 'projects/my-project/secrets/my-secret/versions/5'; 
 // Imports the Secret Manager library 
 const 
  
 { 
 SecretManagerServiceClient 
 } 
  
 = 
  
 require 
 ( 
 ' @google-cloud/secret-manager 
' 
 ); 
 // Instantiates a client 
 const 
  
 client 
  
 = 
  
 new 
  
  SecretManagerServiceClient 
 
 (); 
 async 
  
 function 
  
 enableSecretVersion 
 () 
  
 { 
  
 const 
  
 [ 
 version 
 ] 
  
 = 
  
 await 
  
 client 
 . 
 enableSecretVersion 
 ({ 
  
 name 
 : 
  
 name 
 , 
  
 }); 
  
 console 
 . 
 info 
 ( 
 `Enabled 
 ${ 
 version 
 . 
 name 
 } 
 ` 
 ); 
 } 
 enableSecretVersion 
 ();

    PHP

    To run this code, first learn about using PHP on Google Cloud and install the Secret Manager PHP SDK . On Compute Engine or GKE, you must authenticate with the cloud-platform scope .

      // Import the Secret Manager client library. 
 use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient; 
 use Google\Cloud\SecretManager\V1\EnableSecretVersionRequest; 
 /** 
 * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project') 
 * @param string $secretId  Your secret ID (e.g. 'my-secret') 
 * @param string $versionId Your version ID (e.g. 'latest' or '5'); 
 */ 
 function enable_secret_version(string $projectId, string $secretId, string $versionId): void 
 { 
 // Create the Secret Manager client. 
 $client = new SecretManagerServiceClient(); 
 // Build the resource name of the secret version. 
 $name = $client->secretVersionName($projectId, $secretId, $versionId); 
 // Build the request. 
 $request = EnableSecretVersionRequest::build($name); 
 // Enable the secret version. 
 $response = $client->enableSecretVersion($request); 
 // Print a success message. 
 printf('Enabled secret version: %s', $response->getName()); 
 }

    Python

    To run this code, first set up a Python development environment and install the Secret Manager Python SDK . On Compute Engine or GKE, you must authenticate with the cloud-platform scope .

      def 
  
 enable_secret_version 
 ( 
 project_id 
 : 
 str 
 , 
 secret_id 
 : 
 str 
 , 
 version_id 
 : 
 str 
 ) 
 - 
> secretmanager 
 . 
 EnableSecretVersionRequest 
 : 
  
 """ 
 Enable the given secret version, enabling it to be accessed after 
 previously being disabled. Other secrets versions are unaffected. 
 """ 
 # Import the Secret Manager client library. 
 from 
  
 google.cloud 
  
 import 
 secretmanager 
 # Create the Secret Manager client. 
 client 
 = 
 secretmanager 
 . 
 SecretManagerServiceClient 
 () 
 # Build the resource name of the secret version 
 name 
 = 
 f 
 "projects/ 
 { 
 project_id 
 } 
 /secrets/ 
 { 
 secret_id 
 } 
 /versions/ 
 { 
 version_id 
 } 
 " 
 # Disable the secret version. 
 response 
 = 
 client 
 . 
 enable_secret_version 
 ( 
 request 
 = 
 { 
 "name" 
 : 
 name 
 }) 
 print 
 ( 
 f 
 "Enabled secret version: 
 { 
 response 
 . 
 name 
 } 
 " 
 )

    Ruby

    To run this code, first set up a Ruby development environment and install the Secret Manager Ruby SDK . On Compute Engine or GKE, you must authenticate with the cloud-platform scope .

      # project_id = "YOUR-GOOGLE-CLOUD-PROJECT"  # (e.g. "my-project") 
 # secret_id  = "YOUR-SECRET-ID"             # (e.g. "my-secret") 
 # version_id = "YOUR-VERSION"               # (e.g. "5" or "latest") 
 # Require the Secret Manager client library. 
 require 
  
 "google/cloud/secret_manager" 
 # Create a Secret Manager client. 
 client 
  
 = 
  
 Google 
 :: 
 Cloud 
 :: 
  SecretManager 
 
 . 
  secret_manager_service 
 
 # Build the resource name of the secret version. 
 name 
  
 = 
  
 client 
 . 
 secret_version_path 
 ( 
  
 project 
 : 
  
 project_id 
 , 
  
 secret 
 : 
  
 secret_id 
 , 
  
 secret_version 
 : 
  
 version_id 
 ) 
 # Enable the secret version. 
 response 
  
 = 
  
 client 
 . 
 enable_secret_version 
  
 name 
 : 
  
 name 
 # Print a success message. 
 puts 
  
 "Enabled secret version: 
 #{ 
 response 
 . 
 name 
 } 
 "

    What's next
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: