Console
    Contact Us Start free

    Secret Manager roles and permissions

    This page lists the IAM roles and permissions for Secret Manager. To search through all roles and permissions, see the role and permission index .

    Secret Manager roles

    Role
    Permissions

    ( roles/ secretmanager.admin )

    Full access to administer Secret Manager resources.

    Lowest-level resources where you can grant this role:

    • Secret

    cloudkms.keyHandles.*

    • cloudkms.keyHandles.create
    • cloudkms.keyHandles.get
    • cloudkms.keyHandles.list

    cloudkms.operations.get

    cloudkms. projects. showEffectiveAutokeyConfig

    resourcemanager.projects.get

    resourcemanager.projects.list

    secretmanager.*

    • secretmanager.locations.get
    • secretmanager.locations.list
    • secretmanager.secrets.create
    • secretmanager. secrets. createTagBinding
    • secretmanager.secrets.delete
    • secretmanager. secrets. deleteTagBinding
    • secretmanager.secrets.get
    • secretmanager. secrets. getIamPolicy
    • secretmanager.secrets.list
    • secretmanager. secrets. listEffectiveTags
    • secretmanager. secrets. listTagBindings
    • secretmanager. secrets. setIamPolicy
    • secretmanager.secrets.update
    • secretmanager.versions.access
    • secretmanager.versions.add
    • secretmanager.versions.destroy
    • secretmanager.versions.disable
    • secretmanager.versions.enable
    • secretmanager.versions.get
    • secretmanager.versions.list

    ( roles/ secretmanager.secretAccessor )

    Allows accessing the payload of secrets.

    Lowest-level resources where you can grant this role:

    • Secret

    resourcemanager.projects.get

    resourcemanager.projects.list

    secretmanager.versions.access

    ( roles/ secretmanager.secretVersionAdder )

    Allows adding versions to existing secrets.

    Lowest-level resources where you can grant this role:

    • Secret

    resourcemanager.projects.get

    resourcemanager.projects.list

    secretmanager.versions.add

    ( roles/ secretmanager.secretVersionManager )

    Allows creating and managing versions of existing secrets.

    Lowest-level resources where you can grant this role:

    • Secret

    resourcemanager.projects.get

    resourcemanager.projects.list

    secretmanager.versions.add

    secretmanager.versions.destroy

    secretmanager.versions.disable

    secretmanager.versions.enable

    secretmanager.versions.get

    secretmanager.versions.list

    ( roles/ secretmanager.viewer )

    Allows viewing metadata of all Secret Manager resources

    Lowest-level resources where you can grant this role:

    • Secret

    resourcemanager.projects.get

    resourcemanager.projects.list

    secretmanager.locations.*

    • secretmanager.locations.get
    • secretmanager.locations.list

    secretmanager.secrets.get

    secretmanager. secrets. getIamPolicy

    secretmanager.secrets.list

    secretmanager. secrets. listEffectiveTags

    secretmanager. secrets. listTagBindings

    secretmanager.versions.get

    secretmanager.versions.list

    Secret Manager permissions

    Permission
    Included in roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Viewer ( roles/ secretmanager.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Viewer ( roles/ secretmanager.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Owner ( roles/ owner )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Owner ( roles/ owner )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Tag User ( roles/ resourcemanager.tagUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Viewer ( roles/ secretmanager.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Connector Admin ( roles/ connectors.admin )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Viewer ( roles/ secretmanager.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Viewer ( roles/ secretmanager.viewer )

    Service agent roles

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Viewer ( roles/ secretmanager.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

    DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Tag User ( roles/ resourcemanager.tagUser )

    Tag Viewer ( roles/ resourcemanager.tagViewer )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Viewer ( roles/ secretmanager.viewer )

    Owner ( roles/ owner )

    Security Admin ( roles/ iam.securityAdmin )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Owner ( roles/ owner )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Secret Accessor ( roles/ secretmanager.secretAccessor )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Secret Version Adder ( roles/ secretmanager.secretVersionAdder )

    Secret Manager Secret Version Manager ( roles/ secretmanager.secretVersionManager )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Secret Version Manager ( roles/ secretmanager.secretVersionManager )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Secret Version Manager ( roles/ secretmanager.secretVersionManager )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Secret Version Manager ( roles/ secretmanager.secretVersionManager )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Auditor ( roles/ iam.securityAuditor )

    Support User ( roles/ iam.supportUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Secret Version Manager ( roles/ secretmanager.secretVersionManager )

    Secret Manager Viewer ( roles/ secretmanager.viewer )

    Owner ( roles/ owner )

    Editor ( roles/ editor )

    Viewer ( roles/ viewer )

    Security Admin ( roles/ iam.securityAdmin )

    Security Auditor ( roles/ iam.securityAuditor )

    Security Reviewer ( roles/ iam.securityReviewer )

    Support User ( roles/ iam.supportUser )

    Secret Manager Admin ( roles/ secretmanager.admin )

    Secret Manager Secret Version Manager ( roles/ secretmanager.secretVersionManager )

    Secret Manager Viewer ( roles/ secretmanager.viewer )
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: