GoogleCloudPlatform · khilan-crest · Jan 15, 2026 · Jan 15, 2026 · Jan 15, 2026 · Jan 15, 2026
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_create_secret_with_expiration]
+from datetime import datetime, timedelta, timezone
+
+from google.cloud import secretmanager_v1
+from google.protobuf import timestamp_pb2
+
+
+def create_secret_with_expiration(project_id: str, secret_id: str) -> None:
+    """
+    Create a new secret with an expiration time.
+
+    Args:
+        project_id (str): The ID of the project where the secret will be created.
+        secret_id (str): The ID for the secret to create.
+
+    Example:
+        # Create a secret that expires in 1 hour
+        create_secret_with_expiration("my-project", "my-secret-with-expiry")
+    """
+    expire_time = datetime.now(timezone.utc) + timedelta(hours=1)
+    # Create the Secret Manager client.
+    client = secretmanager_v1.SecretManagerServiceClient()
+
+    # Build the resource name of the parent project.
+    parent = f"projects/{project_id}"
+
+    # Convert the Python datetime to a Protobuf Timestamp
+    timestamp = timestamp_pb2.Timestamp()
+    timestamp.FromDatetime(expire_time)
+
+    # Create the secret with automatic replication and expiration time.
+    secret = client.create_secret(
+        request={
+            "parent": parent,
+            "secret_id": secret_id,
+            "secret": {
+                "replication": {
+                    "automatic": {},
+                },
+                "expire_time": timestamp,
+            },
+        }
+    )
+
+    print(f"Created secret {secret.name} with expiration time {expire_time}")
+
+
+# [END secretmanager_create_secret_with_expiration]
+
+
+if __name__ == "__main__":
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument("secret_id", help="id of the secret to create")
+    args = parser.parse_args()
+
+    create_secret_with_expiration(args.project_id, args.secret_id)
@@ -0,0 +1,102 @@
+#!/usr/bin/env python
+
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_create_secret_with_rotation]
+from datetime import datetime, timedelta, timezone
+
+from google.cloud import secretmanager_v1
+from google.protobuf import duration_pb2
+from google.protobuf import timestamp_pb2
+
+
+def create_secret_with_rotation(
+    project_id: str, secret_id: str, topic_name: str
+) -> None:
+    """
+    Creates a new secret with rotation configured.
+
+    Args:
+        project_id (str): ID of the Google Cloud project
+        secret_id (str): ID of the secret to create
+        topic_name (str): Resource name of the Pub/Sub topic for rotation notifications
+    Example:
+        # Create a secret with automatic rotation every 24 hours
+        create_secret_with_rotation(
+            "my-project",
+            "my-rotating-secret",
+            "projects/my-project/topics/my-rotation-topic"
+        )
+    """
+    rotation_period_hours = 24
+    next_rotation_time = datetime.now(timezone.utc) + timedelta(hours=24)
+    # Create the Secret Manager client
+    client = secretmanager_v1.SecretManagerServiceClient()
+
+    # Build the resource name of the parent project
+    parent = f"projects/{project_id}"
+
+    # Convert rotation period to protobuf Duration
+    rotation_period = duration_pb2.Duration()
+    rotation_period.seconds = rotation_period_hours * 3600  # Convert hours to seconds
+
+    # Set next rotation time to 24 hours from now
+    next_rotation_timestamp = timestamp_pb2.Timestamp()
+    next_rotation_timestamp.FromDatetime(next_rotation_time)
+
+    # Create the secret with rotation configuration
+    secret = client.create_secret(
+        request={
+            "parent": parent,
+            "secret_id": secret_id,
+            "secret": {
+                "replication": {"automatic": {}},
+                "topics": [{"name": topic_name}],
+                "rotation": {
+                    "next_rotation_time": next_rotation_timestamp,
+                    "rotation_period": rotation_period,
+                },
+            },
+        }
+    )
+
+    print(
+        f"Created secret {secret.name} with rotation period {rotation_period_hours} hours and topic {topic_name}"
+    )
+
+
+# [END secretmanager_create_secret_with_rotation]
+
+
+if __name__ == "__main__":
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    parser.add_argument("project_id", help="ID of the GCP project")
+    parser.add_argument("secret_id", help="ID of the secret to create")
+    parser.add_argument(
+        "topic_name",
+        help="Resource name of the Pub/Sub topic for rotation notifications",
+    )
+    args = parser.parse_args()
+
+    create_secret_with_rotation(
+        args.project_id,
+        args.secret_id,
+        args.topic_name,
+    )
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_create_secret_with_topic]
+from google.cloud import secretmanager_v1
+
+
+def create_secret_with_topic(project_id: str, secret_id: str, topic_name: str) -> None:
+    """
+    Creates a new secret with a notification topic configured.
+
+    Args:
+        project_id (str): ID of the Google Cloud project
+        secret_id (str): ID of the secret to create
+        topic_name (str): Full name of the topic in the format "projects/my-project/topics/my-topic"
+    Example:
+        # Create a secret with a Pub/Sub notification configuration
+        create_secret_with_topic(
+            "my-project",
+            "my-secret-with-notifications",
+            "projects/my-project/topics/my-secret-topic"
+        )
+    """
+    # Create the Secret Manager client.
+    client = secretmanager_v1.SecretManagerServiceClient()
+
+    # Build the parent name.
+    parent = f"projects/{project_id}"
+
+    # Create the secret with topic configuration.
+    secret = client.create_secret(
+        request={
+            "parent": parent,
+            "secret_id": secret_id,
+            "secret": {
+                "replication": {"automatic": {}},
+                "topics": [{"name": topic_name}],
+            },
+        }
+    )
+
+    print(f"Created secret {secret.name} with topic {topic_name}")
+
+
+# [END secretmanager_create_secret_with_topic]
+
+
+if __name__ == "__main__":
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument("secret_id", help="id of the secret to create")
+    parser.add_argument(
+        "topic_name",
+        help="name of the topic in the format 'projects/my-project/topics/my-topic'",
+    )
+    args = parser.parse_args()
+
+    create_secret_with_topic(args.project_id, args.secret_id, args.topic_name)
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_delete_secret_expiration]
+from google.cloud import secretmanager_v1
+from google.protobuf.field_mask_pb2 import FieldMask
+
+
+def delete_secret_expiration(project_id: str, secret_id: str) -> None:
+    """
+    Removes the expiration time from a secret.
+
+    Args:
+        project_id (str): ID of the Google Cloud project
+        secret_id (str): ID of the secret to update
+    Example:
+        # Remove the expiration time from a secret that was previously scheduled for deletion
+        delete_secret_expiration(
+            "my-project",
+            "my-secret-with-expiration"
+        )
+    """
+    # Create the Secret Manager client.
+    client = secretmanager_v1.SecretManagerServiceClient()
+
+    # Build the resource name of the secret
+    name = client.secret_path(project_id, secret_id)
+
+    # Create the update mask.
+    update_mask = FieldMask(paths=["expire_time"])
+
+    # Build the request.
+    request = {"secret": {"name": name}, "update_mask": update_mask}
+
+    # Update the secret.
+    secret = client.update_secret(request=request)
+
+    print(f"Removed expiration from secret {secret.name}")
+
+
+# [END secretmanager_delete_secret_expiration]
+
+
+if __name__ == "__main__":
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument("secret_id", help="id of the secret to act on")
+    args = parser.parse_args()
+
+    delete_secret_expiration(args.project_id, args.secret_id)
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START secretmanager_delete_secret_rotation]
+from google.cloud import secretmanager_v1
+from google.protobuf.field_mask_pb2 import FieldMask
+
+
+def delete_secret_rotation(project_id: str, secret_id: str) -> None:
+    """
+    Removes the rotation configuration from a secret.
+
+    Args:
+        project_id (str): ID of the Google Cloud project
+        secret_id (str): ID of the secret with rotation to remove
+    Example:
+        # Remove the rotation configuration from a secret
+        delete_secret_rotation(
+            "my-project",
+            "my-secret-with-rotation"
+        )
+    """
+    # Create the Secret Manager client.
+    client = secretmanager_v1.SecretManagerServiceClient()
+
+    # Build the resource name of the secret
+    name = client.secret_path(project_id, secret_id)
+
+    # Create the update mask.
+    update_mask = FieldMask(paths=["rotation"])
+
+    # Build the request.
+    request = {"secret": {"name": name}, "update_mask": update_mask}
+
+    # Update the secret.
+    secret = client.update_secret(request=request)
+
+    print(f"Removed rotation from secret {secret.name}")
+
+
+# [END secretmanager_delete_secret_rotation]
+
+
+if __name__ == "__main__":
+    import argparse
+
+    parser = argparse.ArgumentParser(
+        description=__doc__,
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    parser.add_argument("project_id", help="id of the GCP project")
+    parser.add_argument("secret_id", help="id of the secret to act on")
+    args = parser.parse_args()
+
+    delete_secret_rotation(args.project_id, args.secret_id)