gcloud secrets update - update a secret's metadata
gcloud secrets update SECRET [--etag=ETAG] [--update-labels=[KEY=VALUE,...]] [--add-topics=[ADD-TOPICS,...] | --clear-topics | --remove-topics=[REMOVE-TOPICS,...]] [--clear-annotations | --remove-annotations=[KEY,...] | --update-annotations=[KEY=VALUE,...]] [--clear-labels | --remove-labels=[KEY,...]] [--clear-version-aliases | --remove-version-aliases=[KEY,...] | --update-version-aliases=[KEY=VALUE,...]] [--expire-time=EXPIRE-TIME | --remove-expiration | --ttl=TTL] [--next-rotation-time=NEXT_ROTATION_TIME --remove-next-rotation-time --remove-rotation-period --remove-rotation-schedule --rotation-period=ROTATION_PERIOD] [GCLOUD_WIDE_FLAG ...]
Update a secret's metadata (e.g. labels). This command will return an error if given a secret that does not exist.
Update the label of a secret named 'my-secret'.
$ gcloud secrets update my-secret --update-labels=foo=bar
Update the label of a secret using an etag.
$ gcloud secrets update my-secret --update-labels=foo=bar \ --etag=\"123\"
Update a secret to have a next-rotation-time:
$ gcloud secrets update my-secret \ --next-rotation-time="2030-01-01T15:30:00-05:00"
Update a secret to have a next-rotation-time and rotation-period:
$ gcloud secrets update my-secret \ --next-rotation-time="2030-01-01T15:30:00-05:00" \ --rotation-period="7200s"
Update a secret to remove the next-rotation-time:
$ gcloud secrets update my-secret --remove-next-rotation-time
Update a secret to clear rotation policy:
$ gcloud secrets update my-secret --remove-rotation-schedule
- Secret resource - The secret to update. This represents a Cloud resource.
(NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument SECRET on the command line with a fully specified name;
- —
provide the argument --project on the command line;
- —
set the property core/project.
This must be specified.
- SECRET
ID of the secret or fully qualified identifier for the secret. To set the secret attribute:
provide the argument SECRET on the command line.
- --etag=ETAG
Current entity tag (ETag) of the secret. If this flag is defined, the secret is updated only if the ETag provided matched the current secret's ETag.
- --update-labels=[KEY=VALUE,...]
List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created.
Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.
- Topics.
At most one of these can be specified:
- --add-topics=[ADD-TOPICS,...]
List of Pub/Sub topics to add to the secret.
- --clear-topics
Clear all Pub/Sub topics from the secret.
- --remove-topics=[REMOVE-TOPICS,...]
List of Pub/Sub topics to remove from the secret.
- Annotations
At most one of these can be specified:
- --clear-annotations
Remove all Annotations.
- --remove-annotations=[KEY,...]
List of Annotations to be removed.
- --update-annotations=[KEY=VALUE,...]
List of key-value pairs to set as Annotations.
- At most one of these can be specified:
- --clear-labels
Remove all labels. If --update-labels is also specified then --clear-labels is applied first.
For example, to remove all labels:
$ gcloud secrets update --clear-labels
To remove all existing labels and create two new labels, foo and baz:
$ gcloud secrets update --clear-labels \ --update-labels foo=bar,baz=qux
- --remove-labels=[KEY,...]
List of label keys to remove. If a label does not exist it is silently ignored. If --update-labels is also specified then --update-labels is applied first.
- Version Aliases
At most one of these can be specified:
- --clear-version-aliases
Remove all Version Aliases.
- --remove-version-aliases=[KEY,...]
List of Version Aliases to be removed.
- --update-version-aliases=[KEY=VALUE,...]
List of key-value pairs to set as Version Aliases.
- Expiration.
At most one of these can be specified:
- --expire-time=EXPIRE-TIME
Timestamp at which to automatically delete the secret.
- --remove-expiration
If set, removes scheduled expiration from secret (if it had one).
- --ttl=TTL
Duration of time (in seconds) from the running of the command until the secret is automatically deleted.
- Rotation.
- --next-rotation-time=NEXT_ROTATION_TIME
Timestamp at which to send rotation notification.
- --remove-next-rotation-time
Remove timestamp at which to send rotation notification.
- --remove-rotation-period
If set, removes the rotation period, cancelling all rotations except for the next one.
- --remove-rotation-schedule
If set, removes rotation policy from a secret.
- --rotation-period=ROTATION_PERIOD
Duration of time (in seconds) between rotation notifications.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This variant is also available:
$ gcloud beta secrets update