
I would like to use Google Cloud's secret manager and either:

a) Read a secret (if it already exists)
b) Write a new secret (if none exists)

However, based on the details here[1], it appears that only creating a secret version is a strongly consistent operation.

Is there a way to atomically create a secret AND create a defined/tagged secret version, and fail if either exist already?

[1] https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets#secretmanager-create-secret-gcloud

You have to create 2 resources: the secret and the version. If the first one fails, you won't be able to create the version. But if the secret is created and the version creation fails, there is no automatic rollback; they are 2 different operations and it's not possible to have a "transaction" to manage the potential issues. You have to manage that behavior by yourselves. – guillaume blaquiere May 11 '23 at 08:31
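The two-step create-then-version flow from the comment above, with the manual rollback it says you have to handle yourself. This is an added example, not code from the question, the answer or Google's documentation; `FakeClient` and the `AlreadyExists` class are constructed stand-ins for `google.cloud.secretmanager.SecretManagerServiceClient` and `google.api_core.exceptions.AlreadyExists`, chosen so the block runs offline, and the request dicts follow the shape the real client accepts.

```python
from types import SimpleNamespace

class AlreadyExists(Exception):
    """Stand-in for google.api_core.exceptions.AlreadyExists (constructed)."""

class FakeClient:
    """Constructed in-memory stand-in for SecretManagerServiceClient (same request dicts)."""
    def __init__(self, fail_on_add_version=False):
        self.secrets = {}  # secret name -> list of version payloads
        self.fail_on_add_version = fail_on_add_version

    def create_secret(self, request):
        name = f"{request['parent']}/secrets/{request['secret_id']}"
        if name in self.secrets:
            raise AlreadyExists(name)
        self.secrets[name] = []
        return SimpleNamespace(name=name)

    def add_secret_version(self, request):
        if self.fail_on_add_version:
            raise RuntimeError("simulated failure after the secret was created")
        self.secrets[request["parent"]].append(request["payload"]["data"])

    def access_secret_version(self, request):
        name = request["name"].rsplit("/versions/", 1)[0]
        return SimpleNamespace(payload=SimpleNamespace(data=self.secrets[name][-1]))

    def delete_secret(self, request):
        del self.secrets[request["name"]]

def create_or_read_secret(client, project_id, secret_id, data):
    """Return (created, value): create the secret plus its first version, or read
    the latest version if it already exists. Secret Manager has no transaction
    across the two calls, so a failed version add deletes the empty secret."""
    parent = f"projects/{project_id}"
    name = f"{parent}/secrets/{secret_id}"
    try:
        secret = client.create_secret(request={
            "parent": parent, "secret_id": secret_id,
            "secret": {"replication": {"automatic": {}}}})
    except AlreadyExists:
        # A secret created concurrently but not yet versioned has no "latest".
        resp = client.access_secret_version(request={"name": f"{name}/versions/latest"})
        return False, resp.payload.data
    try:
        client.add_secret_version(request={"parent": secret.name, "payload": {"data": data}})
    except Exception:
        client.delete_secret(request={"name": secret.name})  # compensating action
        raise
    return True, data
```

The rollback only covers the window between the two calls; a concurrent caller that sees the secret after `create_secret` but before `add_secret_version` still has to handle the missing "latest" version itself.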

1 Answer


Upon checking, creating a defined/tagged Secret is not yet supported.

There is already a filed feature request for this. However, for feature requests there is no guarantee of any time frame for updates or that the requested feature will be implemented.
