Create
Creates a secret in the specified folder.
- TypeScript
- Python
import {
cloudApi,
decodeMessage,
serviceClients,
Session,
waitForOperation,
} from "@yandex-cloud/nodejs-sdk";
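const CreateSecretRequest = cloudApi.lockbox.secret_service.CreateSecretRequest;
// The request goes to the Lockbox SecretService, so the operation response is
// decoded with the Lockbox Secret message rather than the DataSphere one.
const Secret = cloudApi.lockbox.secret.Secret;

/**
 * Creates a Lockbox secret in the given folder, waits for the long-running
 * operation to complete and prints the decoded Secret resource.
 */
(async () => {
  // The OAuth token is a user credential: read it from the environment and
  // keep it out of source control and log output.
  const authToken = process.env["YC_OAUTH_TOKEN"];
  if (!authToken) {
    // Stop before any API call rather than opening a session with no credential.
    throw new Error("YC_OAUTH_TOKEN environment variable is not set");
  }

  const session = new Session({ oauthToken: authToken });
  const client = session.client(serviceClients.SecretServiceClient);

  const operation = await client.create(
    CreateSecretRequest.fromPartial({
      folderId: "folderId",
      // name: "name",
      // description: "description",
      // labels: {"key": "labels"},
      // Optional KMS key used to encrypt and decrypt the secret.
      // kmsKeyId: "kmsKeyId",
      // versionDescription: "versionDescription",
      // `key` is non-confidential; the value is confidential. Set exactly one
      // of textValue / binaryValue and load it at runtime instead of
      // hard-coding it in this file.
      // versionPayloadEntries: [{
      //   key: "key",
      //   textValue: "textValue",
      //   binaryValue: Buffer.from([])
      // }],
      // Inhibits deletion of the secret.
      // deletionProtection: true,
      // Use includedPunctuation or excludedPunctuation, not both.
      // passwordPayloadSpecification: {
      //   passwordKey: "passwordKey",
      //   length: 0,
      //   includeUppercase: {
      //     value: true
      //   },
      //   includeLowercase: {
      //     value: true
      //   },
      //   includeDigits: {
      //     value: true
      //   },
      //   includePunctuation: {
      //     value: true
      //   },
      //   includedPunctuation: "includedPunctuation",
      //   excludedPunctuation: "excludedPunctuation"
      // }
    })
  );

  const finishedOp = await waitForOperation(operation, session);

  // A finished operation carries either `error` or `response`; report a
  // failure explicitly instead of exiting silently with nothing printed.
  if (finishedOp.error) {
    throw new Error(`Secret creation failed: ${finishedOp.error.message}`);
  }

  if (finishedOp.response) {
    const result = decodeMessage<typeof Secret>(finishedOp.response);
    console.log(result);
  }
})().catch((err) => {
  // Surface the failure and exit non-zero so callers and CI notice it.
  console.error(err);
  process.exitCode = 1;
});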
import os
import grpc
import yandexcloud
from yandex.cloud.lockbox.v1.secret_service_pb2 import CreateSecretMetadata
from yandex.cloud.lockbox.v1.secret_service_pb2 import CreateSecretRequest
from yandex.cloud.lockbox.v1.secret_pb2 import PasswordPayloadSpecification
from yandex.cloud.lockbox.v1.secret_service_pb2 import PayloadEntryChange
from yandex.cloud.datasphere.v2.secret_pb2 import Secret
from yandex.cloud.lockbox.v1.secret_service_pb2_grpc import SecretServiceStub
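# Creates a Lockbox secret in the given folder, waits for the long-running
# operation to complete and prints the resulting Secret resource.

# The operation response is a Lockbox Secret. It is imported under an explicit
# alias so it cannot be confused with the DataSphere ``Secret`` message that
# the top-of-file imports bring into scope.
from yandex.cloud.lockbox.v1.secret_pb2 import Secret as LockboxSecret

# The OAuth token is a user credential: read it from the environment and keep
# it out of source control and log output.
token = os.getenv("YC_OAUTH_TOKEN")
if not token:
    # Stop before any API call rather than building an SDK with no credential.
    raise SystemExit("YC_OAUTH_TOKEN environment variable is not set")

sdk = yandexcloud.SDK(token=token)
service = sdk.client(SecretServiceStub)

operation = service.Create(
    CreateSecretRequest(
        folder_id="folderId",
        # name = "name",
        # description = "description",
        # labels = {"key": "labels"},
        # Optional KMS key used to encrypt and decrypt the secret.
        # kms_key_id = "kmsKeyId",
        # version_description = "versionDescription",
        # ``key`` is non-confidential; the value is confidential. Set exactly
        # one of text_value / binary_value and load it at runtime instead of
        # hard-coding it in this file.
        # version_payload_entries = [PayloadEntryChange(
        #     key = "key",
        #     text_value = "textValue",
        #     binary_value = b''
        # )],
        # Inhibits deletion of the secret.
        # deletion_protection = True,
        # BoolValue comes from google.protobuf.wrappers_pb2 and must be
        # imported before uncommenting. Use included_punctuation or
        # excluded_punctuation, not both.
        # password_payload_specification = PasswordPayloadSpecification(
        #     password_key = "passwordKey",
        #     length = 0,
        #     include_uppercase = BoolValue(
        #         value = True
        #     ),
        #     include_lowercase = BoolValue(
        #         value = True
        #     ),
        #     include_digits = BoolValue(
        #         value = True
        #     ),
        #     include_punctuation = BoolValue(
        #         value = True
        #     ),
        #     included_punctuation = "includedPunctuation",
        #     excluded_punctuation = "excludedPunctuation"
        # )
    )
)

# Wait for the operation to finish and unpack its response and metadata into
# the Lockbox message types.
operation_result = sdk.wait_operation_and_get_result(
    operation,
    response_type=LockboxSecret,
    meta_type=CreateSecretMetadata,
)
print(operation_result)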
CreateSecretRequest
folderId
: string
ID of the folder to create a secret in.
name
: string
Name of the secret.
description
: string
Description of the secret.
labels
: string
Custom labels for the secret as `key:value` pairs. Maximum 64 per key.
For example, `"project": "mvp"` or `"source": "dictionary"`.
kmsKeyId
: string
Optional ID of the KMS key that will be used to encrypt and decrypt the secret.
versionDescription
: string
Description of the first version.
versionPayloadEntries
: PayloadEntryChange
Payload entries added to the first version.
deletionProtection
: bool
Flag that inhibits deletion of the secret.
One of payloadSpecification
passwordPayloadSpecification
: PasswordPayloadSpecification
PayloadEntryChange
key
: string
Non-confidential key of the entry.
One of value
Confidential value of the entry.
textValue
: string
Use the field to set a text value.
binaryValue
: bytes
Use the field to set a binary value.
PasswordPayloadSpecification
passwordKey
: string
key of the entry to store generated password value
length
: int64
password length; by default, a reasonable length will be decided
includeUppercase
: google.protobuf.BoolValue
whether at least one A..Z character is included in the password, true by default
includeLowercase
: google.protobuf.BoolValue
whether at least one a..z character is included in the password, true by default
includeDigits
: google.protobuf.BoolValue
whether at least one 0..9 character is included in the password, true by default
includePunctuation
: google.protobuf.BoolValue
Whether at least one punctuation character is included in the password, true by default. Punctuation characters by default (there are 32): !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ To customize the punctuation characters, see included_punctuation and excluded_punctuation below.
includedPunctuation
: string
If include_punctuation is true, one of these two fields (not both) may be used optionally to customize the punctuation: a string of specific punctuation characters to use (at most, all the 32)
excludedPunctuation
: string
a string of punctuation characters to exclude from the default (at most 31, it's not allowed to exclude all the 32)
Operation
An Operation resource. For more information, see Operation.
id
: string
ID of the operation.
description
: string
Description of the operation. 0-256 characters long.
createdAt
: google.protobuf.Timestamp
Creation timestamp.
createdBy
: string
ID of the user or service account who initiated the operation.
modifiedAt
: google.protobuf.Timestamp
The time when the Operation resource was last modified.
done
: bool
If the value is `false`, it means the operation is still in progress.
If `true`, the operation is completed, and either `error` or `response` is available.
metadata
: google.protobuf.Any
Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
One of result
The operation result.
If `done == false` and there was no failure detected, neither `error` nor `response` is set.
If `done == false` and there was a failure detected, `error` is set.
If `done == true`, exactly one of `error` or `response` is set.
error
: google.rpc.Status
The error result of the operation in case of failure or cancellation.
response
: google.protobuf.Any
The normal response of the operation in case of success.
If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.