Skip to main content

Get

Returns the specified secret.

To get the list of all available secrets, make a List request. Use PayloadService.Get to get the payload (confidential data themselves) of the secret.

import { cloudApi, serviceClients, Session } from "@yandex-cloud/nodejs-sdk";

const GetSecretRequest = cloudApi.lockbox.secret_service.GetSecretRequest;

(async () => {
  const authToken = process.env["YC_OAUTH_TOKEN"];
  const session = new Session({ oauthToken: authToken });
  const client = session.client(serviceClients.SecretServiceClient);

  const result = await client.get(
    GetSecretRequest.fromPartial({
      secretId: "secretId",
    })
  );
  console.log(result);
})();

GetSecretRequest

secretId : string

ID of the secret to return.

To get a secret ID make a List request.

Secret

A secret that may contain several versions of the payload.

Status

  • STATUS_UNSPECIFIED

  • CREATING

    The secret is being created.

  • ACTIVE

    The secret is active and the secret payload can be accessed. Can be set to INACTIVE using the [SecretService.Deactivate][4] method.

  • INACTIVE

    The secret is inactive and unusable. Can be set to ACTIVE using the [SecretService.Deactivate][5] method.

id : string

ID of the secret.

folderId : string

ID of the folder that the secret belongs to.

createdAt : google.protobuf.Timestamp

Creation timestamp.

name : string

Name of the secret.

description : string

Description of the secret.

labels : string

Custom labels for the secret as key:value pairs. Maximum 64 per key.

kmsKeyId : string

Optional ID of the KMS key will be used to encrypt and decrypt the secret.

status : Status

Status of the secret.

currentVersion : Version

Current (i.e. the latest) version of the secret.

deletionProtection : bool

Flag that inhibits deletion of the secret.

One of payloadSpecification

  • passwordPayloadSpecification : PasswordPayloadSpecification

Version

Status
  • STATUS_UNSPECIFIED

  • ACTIVE

    The version is active and the secret payload can be accessed.

  • SCHEDULED_FOR_DESTRUCTION

    The version is scheduled for destruction, the time when it will be destroyed is specified in the [Version.destroy_at][6] field.

  • DESTROYED

    The version is destroyed and cannot be recovered.

id : string

ID of the version.

secretId : string

ID of the secret that the version belongs to.

createdAt : google.protobuf.Timestamp

Time when the version was created.

destroyAt : google.protobuf.Timestamp

Time when the version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

description : string

Description of the version.

status : Status

Status of the secret.

payloadEntryKeys : string

Keys of the entries contained in the version payload.

  • passwordPayloadSpecification : PasswordPayloadSpecification

PasswordPayloadSpecification

passwordKey : string

key of the entry to store generated password value

length : int64

password length; by default, a reasonable length will be decided

includeUppercase : google.protobuf.BoolValue

whether at least one A..Z character is included in the password, true by default

includeLowercase : google.protobuf.BoolValue

whether at least one a..z character is included in the password, true by default

includeDigits : google.protobuf.BoolValue

whether at least one 0..9 character is included in the password, true by default

includePunctuation : google.protobuf.BoolValue

whether at least one punctuation character is included in the password, true by default punctuation characters by default (there are 32): !"#$%&'()*+,-./:;<=>?@[]7^_`{|}~ to customize the punctuation characters, see included_punctuation and excluded_punctuation below

includedPunctuation : string

If include_punctuation is true, one of these two fields (not both) may be used optionally to customize the punctuation: a string of specific punctuation characters to use (at most, all the 32)

excludedPunctuation : string

a string of punctuation characters to exclude from the default (at most 31, it's not allowed to exclude all the 32)