NAME gcloud secrets create - create a new secret SYNOPSIS gcloud secrets create SECRET [--data-file=PATH] [--labels=[KEY=VALUE,...]] [--set-annotations=[KEY=VALUE,...]] [--topics=[TOPICS,...]] [--expire-time=EXPIRE-TIME | --ttl=TTL] [--next-rotation-time=NEXT_ROTATION_TIME --rotation-period=ROTATION_PERIOD] [--replication-policy-file=REPLICATION-POLICY-FILE | --kms-key-name=KMS-KEY-NAME --locations=[LOCATION,...] --replication-policy=POLICY] [GCLOUD_WIDE_FLAG ...] DESCRIPTION Create a secret with the given name and creates a secret version with the given data, if any. If a secret already exists with the given name, this command will return an error. EXAMPLES Create a secret with an automatic replication policy without creating any versions: $ gcloud secrets create my-secret Create a new secret named 'my-secret' with an automatic replication policy and data from a file: $ gcloud secrets create my-secret --data-file=/tmp/secret Create a new secret named 'my-secret' in 'us-central1' with data from a file: $ gcloud secrets create my-secret --data-file=/tmp/secret \ --replication-policy=user-managed --locations=us-central1 Create a new secret named 'my-secret' in 'us-central1' and 'us-east1' with the value "s3cr3t": $ printf "s3cr3t" | gcloud secrets create my-secret --data-file=- \ --replication-policy=user-managed \ --locations=us-central1,us-east1 Create a new secret named 'my-secret' in 'us-central1' and 'us-east1' with the value "s3cr3t" in PowerShell (Note: PowerShell will add a newline to the resulting secret): $ Write-Output "s3cr3t" | gcloud secrets create my-secret \ --data-file=- --replication-policy=user-managed \ --locations=us-central1,us-east1 Create a secret with an automatic replication policy and a next rotation time: $ gcloud secrets create my-secret \ --next-rotation-time="2030-01-01T15:30:00-05:00" Create a secret with an automatic replication policy and a rotation period: $ gcloud secrets create my-secret \ --next-rotation-time="2030-01-01T15:30:00-05:00" \ --rotation-period="7200s" POSITIONAL ARGUMENTS Secret resource - The secret to create. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute: ◆ provide the argument SECRET on the command line with a fully specified name; ◆ provide the argument --project on the command line; ◆ set the property core/project. This must be specified. SECRET ID of the secret or fully qualified identifier for the secret. To set the secret attribute: ▸ provide the argument SECRET on the command line. FLAGS --data-file=PATH File path from which to read secret data. Set this to "-" to read the secret data from stdin. --labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to add. Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers. Annotations --set-annotations=[KEY=VALUE,...] List of key-value pairs to set as Annotations. All existing Annotations will be removed first. --topics=[TOPICS,...] List of Pub/Sub topics to configure on the secret. Expiration. At most one of these can be specified: --expire-time=EXPIRE-TIME Timestamp at which to automatically delete the secret. --ttl=TTL Duration of time (in seconds) from the running of the command until the secret is automatically deleted. Rotation. --next-rotation-time=NEXT_ROTATION_TIME Timestamp at which to send rotation notification. --rotation-period=ROTATION_PERIOD Duration of time (in seconds) between rotation notifications. Replication policy. At most one of these can be specified: --replication-policy-file=REPLICATION-POLICY-FILE JSON or YAML file to use to read the replication policy. The file must conform to https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets#replication.Set this to "-" to read from stdin. Inline replication arguments. --kms-key-name=KMS-KEY-NAME Global KMS key with which to encrypt and decrypt the secret. Only valid for secrets with an automatic replication policy. --locations=[LOCATION,...] Comma-separated list of locations in which the secret should be replicated. --replication-policy=POLICY The type of replication policy to apply to this secret. Allowed values are "automatic" and "user-managed". If user-managed then --locations must also be provided. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details. NOTES This variant is also available: $ gcloud beta secrets create