NAME

gcloud secrets update - update a secret's metadata

SYNOPSIS

gcloud secrets update SECRET [--etag=ETAG] [--update-labels=[KEY=VALUE,...]] [--add-topics=[ADD-TOPICS,...] | --clear-topics | --remove-topics=[REMOVE-TOPICS,...]] [--clear-annotations | --remove-annotations=[KEY,...] | --update-annotations=[KEY=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...]] [--clear-version-aliases | --remove-version-aliases=[KEY,...] | --update-version-aliases=[KEY=VALUE,...]] [--expire-time=EXPIRE-TIME | --remove-expiration | --ttl=TTL] [--next-rotation-time=NEXT_ROTATION_TIME --remove-next-rotation-time --remove-rotation-period --remove-rotation-schedule --rotation-period=ROTATION_PERIOD] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

Update a secret's metadata (e.g. labels). This command will return an error if given a secret that does not exist.

EXAMPLES

Update the label of a secret named 'my-secret'.

$ gcloud secrets update my-secret --update-labels=foo=bar

Update the label of a secret using an etag.

$ gcloud secrets update my-secret --update-labels=foo=bar \ --etag=\"123\"

Update a secret to have a next-rotation-time:

$ gcloud secrets update my-secret \ --next-rotation-time="2030-01-01T15:30:00-05:00"

Update a secret to have a next-rotation-time and rotation-period:

$ gcloud secrets update my-secret \ --next-rotation-time="2030-01-01T15:30:00-05:00" \ --rotation-period="7200s"

Update a secret to remove the next-rotation-time:

$ gcloud secrets update my-secret --remove-next-rotation-time

Update a secret to clear rotation policy:

$ gcloud secrets update my-secret --remove-rotation-schedule

POSITIONAL ARGUMENTS

Secret resource - The secret to update. This represents a Cloud resource.

(NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:

provide the argument SECRET on the command line with a fully specified name;

provide the argument --project on the command line;

set the property core/project.

This must be specified.

SECRET

ID of the secret or fully qualified identifier for the secret. To set the secret attribute:

  • provide the argument SECRET on the command line.

FLAGS

--etag=ETAG

Current entity tag (ETag) of the secret. If this flag is defined, the secret is updated only if the ETag provided matched the current secret's ETag.

--update-labels=[KEY=VALUE,...]

List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created.

Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

Topics.

At most one of these can be specified:

--add-topics=[ADD-TOPICS,...]

List of Pub/Sub topics to add to the secret.

--clear-topics

Clear all Pub/Sub topics from the secret.

--remove-topics=[REMOVE-TOPICS,...]

List of Pub/Sub topics to remove from the secret.

Annotations

At most one of these can be specified:

--clear-annotations

Remove all Annotations.

--remove-annotations=[KEY,...]

List of Annotations to be removed.

--update-annotations=[KEY=VALUE,...]

List of key-value pairs to set as Annotations.

At most one of these can be specified:
--clear-labels

Remove all labels. If --update-labels is also specified then --clear-labels is applied first.

For example, to remove all labels:

$ gcloud secrets update --clear-labels

To remove all existing labels and create two new labels, foo and baz:

$ gcloud secrets update --clear-labels \ --update-labels foo=bar,baz=qux

--remove-labels=[KEY,...]

List of label keys to remove. If a label does not exist it is silently ignored. If --update-labels is also specified then --update-labels is applied first.

Version Aliases

At most one of these can be specified:

--clear-version-aliases

Remove all Version Aliases.

--remove-version-aliases=[KEY,...]

List of Version Aliases to be removed.

--update-version-aliases=[KEY=VALUE,...]

List of key-value pairs to set as Version Aliases.

Expiration.

At most one of these can be specified:

--expire-time=EXPIRE-TIME

Timestamp at which to automatically delete the secret.

--remove-expiration

If set, removes scheduled expiration from secret (if it had one).

--ttl=TTL

Duration of time (in seconds) from the running of the command until the secret is automatically deleted.

Rotation.
--next-rotation-time=NEXT_ROTATION_TIME

Timestamp at which to send rotation notification.

--remove-next-rotation-time

Remove timestamp at which to send rotation notification.

--remove-rotation-period

If set, removes the rotation period, cancelling all rotations except for the next one.

--remove-rotation-schedule

If set, removes rotation policy from a secret.

--rotation-period=ROTATION_PERIOD

Duration of time (in seconds) between rotation notifications.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This variant is also available:

$ gcloud beta secrets update