7

I'm trying to grab the latest secret version. Is there a way to do that without specifying the version number? Such as using the keyword "latest". I'm trying to avoid having to iterate through all the secret versions with a for loop as GCP documentation shows:

try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
  // Build the parent name.
  SecretName projectName = SecretName.of(projectId, secretId);

  // Get all versions.
  ListSecretVersionsPagedResponse pagedResponse = client.listSecretVersions(projectName);

  // List all versions and their state.
  pagedResponse
      .iterateAll()
      .forEach(
          version -> {
            System.out.printf("Secret version %s, %s\n", version.getName(), version.getState());
          });
}
EnglishBanana
  • 3
    `latest` is an alias to the most recently created version. – Asdfg Aug 16 '21 at 15:19
  • latest is very handy but if you want to rollback to a previous version, "latest" doesn't mean "latest enabled". If your latest is disabled or destroyed, you'll get an empty file. – lbrucel Oct 06 '22 at 17:39

2 Answers

18

Yes, you can use "latest" as the version number. This is called an "alias". At present, the only alias is "latest", but we may support more aliases in the future.

gcloud secrets versions access "latest" --secret "my-secret"

try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
  SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretId, "latest"); // <-- here

  // Access the secret version.
  AccessSecretVersionResponse response = client.accessSecretVersion(secretVersionName);

  String payload = response.getPayload().getData().toStringUtf8();
  System.out.printf("Plaintext: %s\n", payload);
}
sethvargo
  • Yes thanks sethvargo, that was the answer. For some reason, it was throwing errors before when we used latest, maybe wasn't doing it correctly. But this worked. Appreciate the help mate. – EnglishBanana Aug 18 '21 at 15:10
  • I am assuming we cannot get latest-1 version somehow using any alias? – Ojasv singh Nov 24 '21 at 12:27
  • 2
    @sethvargo What if the latest secret is disabled? How to access the latest active secret available? – Bikram Aug 30 '22 at 23:32
  • 3
    I agree with Ojasv and Bikram. It would be really useful to get "latest enabled" for rollback purposes but "latest" returns an empty file / error if the latest is disabled or destroyed. – lbrucel Oct 06 '22 at 17:42
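
The comments above note that "latest" is not "latest enabled". One way to resolve the newest enabled version, as an added example that is not part of the original answers or of Google's samples: list the versions, keep those in state ENABLED, and pick the one with the greatest create time. The class and method names are hypothetical, and the project and secret ids are placeholders.

```java
import com.google.cloud.secretmanager.v1.AccessSecretVersionResponse;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretName;
import com.google.cloud.secretmanager.v1.SecretVersion;
import java.io.IOException;
import java.util.Comparator;
import java.util.Optional;
import java.util.stream.StreamSupport;

// Added example; class and method names are hypothetical.
public class AccessLatestEnabledVersion {

  // Returns the newest version whose state is ENABLED, if any.
  static Optional<SecretVersion> latestEnabled(
      SecretManagerServiceClient client, String projectId, String secretId) {
    SecretName secretName = SecretName.of(projectId, secretId);
    // Order by create time explicitly instead of relying on list order.
    Comparator<SecretVersion> byCreateTime =
        Comparator.<SecretVersion>comparingLong(v -> v.getCreateTime().getSeconds())
            .thenComparingInt(v -> v.getCreateTime().getNanos());
    return StreamSupport.stream(
            client.listSecretVersions(secretName).iterateAll().spliterator(), false)
        .filter(v -> v.getState() == SecretVersion.State.ENABLED)
        .max(byCreateTime);
  }

  public static byte[] accessLatestEnabled(String projectId, String secretId) throws IOException {
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
      SecretVersion version =
          latestEnabled(client, projectId, secretId)
              .orElseThrow(
                  () -> new IllegalStateException("No enabled version for secret " + secretId));
      // version.getName() is the full resource name:
      // projects/*/secrets/*/versions/<number>
      AccessSecretVersionResponse response = client.accessSecretVersion(version.getName());
      // Return bytes to the caller; avoid logging the payload.
      return response.getPayload().getData().toByteArray();
    }
  }

  public static void main(String[] args) throws IOException {
    // Placeholder identifiers; replace before running.
    byte[] secret = accessLatestEnabled("your-project-id", "your-secret-id");
    System.out.printf("Fetched %d bytes%n", secret.length);
  }
}
```

Unlike a plain access with "latest", this needs permission to list versions as well as to access them, so grant the list permission only to identities that need the rollback behaviour.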
2
import com.google.cloud.secretmanager.v1.AccessSecretVersionResponse;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretVersionName;
import java.io.IOException;

public class AccessSecretVersion {

  public static void accessSecretVersion() throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    String secretId = "your-secret-id";
    String versionId = "latest"; //<-- specify version
    accessSecretVersion(projectId, secretId, versionId);
  }

  // Access the payload for the given secret version if one exists. The version
  // can be a version number as a string (e.g. "5") or an alias (e.g. "latest").
  public static void accessSecretVersion(String projectId, String secretId, String versionId)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
      SecretVersionName secretVersionName = SecretVersionName.of(projectId, secretId, versionId);

      // Access the secret version.
      AccessSecretVersionResponse response = client.accessSecretVersion(secretVersionName);

      // Print the secret payload.
      //
      // WARNING: Do not print the secret in a production environment - this
      // snippet is showing how to access the secret material.
      String payload = response.getPayload().getData().toStringUtf8();
      System.out.printf("Plaintext: %s\n", payload);
    }
  }
}

source: https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets#secretmanager-access-secret-version-java

Asdfg