v5.18.0/website/docs/r/secret_manager_secret_version.html.markdown - terraform-provider-google-beta - Git at Google

 ---
 # ----------------------------------------------------------------------------
 #
 #     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 #
 # ----------------------------------------------------------------------------
 #
 #     This file is automatically generated by Magic Modules and manual
 #     changes will be clobbered when the file is regenerated.
 #
 #     Please read more about how to change this file in
 #     .github/CONTRIBUTING.md.
 #
 # ----------------------------------------------------------------------------
 subcategory: "Secret Manager"
 description: |-
   A secret version resource.
 ---

 # google\_secret\_manager\_secret\_version

 A secret version resource.


 ~> **Warning:** All arguments including the following potentially sensitive
 values will be stored in the raw state as plain text: `payload.secret_data`.
 [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).

 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=secret_version_basic&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Secret Version Basic


 ```hcl
 resource "google_secret_manager_secret" "secret-basic" {
   secret_id = "secret-version"

   labels = {
     label = "my-label"
   }

   replication {
     auto {}
   }
 }


 resource "google_secret_manager_secret_version" "secret-version-basic" {
   secret = google_secret_manager_secret.secret-basic.id

   secret_data = "secret-data"
 }
 ```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=secret_version_deletion_policy_abandon&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Secret Version Deletion Policy Abandon


 ```hcl
 resource "google_secret_manager_secret" "secret-basic" {
   secret_id = "secret-version"

   replication {
     user_managed {
       replicas {
         location = "us-central1"
       }
     }
   }
 }

 resource "google_secret_manager_secret_version" "secret-version-deletion-policy" {
   secret = google_secret_manager_secret.secret-basic.id

   secret_data = "secret-data"
   deletion_policy = "ABANDON"
 }
 ```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=secret_version_deletion_policy_disable&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Secret Version Deletion Policy Disable


 ```hcl
 resource "google_secret_manager_secret" "secret-basic" {
   secret_id = "secret-version"

   replication {
     user_managed {
       replicas {
         location = "us-central1"
       }
     }
   }
 }

 resource "google_secret_manager_secret_version" "secret-version-deletion-policy" {
   secret = google_secret_manager_secret.secret-basic.id

   secret_data = "secret-data"
   deletion_policy = "DISABLE"
 }
 ```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=secret_version_with_base64_string_secret_data&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
   </a>
 </div>
 ## Example Usage - Secret Version With Base64 String Secret Data


 ```hcl
 resource "google_secret_manager_secret" "secret-basic" {
   secret_id = "secret-version"

   replication {
     user_managed {
       replicas {
         location = "us-central1"
       }
     }
   }
 }

 resource "google_secret_manager_secret_version" "secret-version-base64" {
   secret = google_secret_manager_secret.secret-basic.id

   is_secret_data_base64 = true
   secret_data = filebase64("secret-data.pfx")
 }
 ```

 ## Argument Reference

 The following arguments are supported:


 * `secret_data` -
   (Required)
   The secret data. Must be no larger than 64KiB.
   **Note**: This property is sensitive and will not be displayed in the plan.

 * `secret` -
   (Required)
   Secret Manager secret resource


 - - -


 * `enabled` -
   (Optional)
   The current state of the SecretVersion.

 * `deletion_policy` - (Optional) The deletion policy for the secret version. Setting `ABANDON` allows the resource
 to be abandoned rather than deleted. Setting `DISABLE` allows the resource to be
 disabled rather than deleted. Default is `DELETE`. Possible values are:
   * DELETE
   * DISABLE
   * ABANDON

 * `is_secret_data_base64` - (Optional) If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.

 ## Attributes Reference

 In addition to the arguments listed above, the following computed attributes are exported:

 * `id` - an identifier for the resource with format `{{name}}`

 * `name` -
   The resource name of the SecretVersion. Format:
   `projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}`

 * `version` -
   The version of the Secret.

 * `create_time` -
   The time at which the Secret was created.

 * `destroy_time` -
   The time at which the Secret was destroyed. Only present if state is DESTROYED.


 ## Timeouts

 This resource provides the following
 [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

 - `create` - Default is 20 minutes.
 - `update` - Default is 20 minutes.
 - `delete` - Default is 20 minutes.

 ## Import


 SecretVersion can be imported using any of these accepted formats:

 * `projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}`


 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecretVersion using one of the formats above. For example:

 ```tf
 import {
   id = "projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}"
   to = google_secret_manager_secret_version.default
 }
 ```

 When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecretVersion can be imported using one of the formats above. For example:

 ```
 $ terraform import google_secret_manager_secret_version.default projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}
 ```
	---
	# ----------------------------------------------------------------------------
	#
	# * AUTO GENERATED CODE * Type: MMv1 ***
	#
	# ----------------------------------------------------------------------------
	#
	# This file is automatically generated by Magic Modules and manual
	# changes will be clobbered when the file is regenerated.
	#
	# Please read more about how to change this file in
	# .github/CONTRIBUTING.md.
	#
	# ----------------------------------------------------------------------------
	subcategory: "Secret Manager"
	description: \|-
	A secret version resource.
	---

	# google\_secret\_manager\_secret\_version

	A secret version resource.



	~> Warning: All arguments including the following potentially sensitive
	values will be stored in the raw state as plain text: `payload.secret_data`.
	[Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).

	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=secret_version_basic&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Secret Version Basic


	```hcl
	resource "google_secret_manager_secret" "secret-basic" {
	secret_id = "secret-version"

	labels = {
	label = "my-label"
	}

	replication {
	auto {}
	}
	}


	resource "google_secret_manager_secret_version" "secret-version-basic" {
	secret = google_secret_manager_secret.secret-basic.id

	secret_data = "secret-data"
	}
	```
	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=secret_version_deletion_policy_abandon&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Secret Version Deletion Policy Abandon


	```hcl
	resource "google_secret_manager_secret" "secret-basic" {
	secret_id = "secret-version"

	replication {
	user_managed {
	replicas {
	location = "us-central1"
	}
	}
	}
	}

	resource "google_secret_manager_secret_version" "secret-version-deletion-policy" {
	secret = google_secret_manager_secret.secret-basic.id

	secret_data = "secret-data"
	deletion_policy = "ABANDON"
	}
	```
	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=secret_version_deletion_policy_disable&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Secret Version Deletion Policy Disable


	```hcl
	resource "google_secret_manager_secret" "secret-basic" {
	secret_id = "secret-version"

	replication {
	user_managed {
	replicas {
	location = "us-central1"
	}
	}
	}
	}

	resource "google_secret_manager_secret_version" "secret-version-deletion-policy" {
	secret = google_secret_manager_secret.secret-basic.id

	secret_data = "secret-data"
	deletion_policy = "DISABLE"
	}
	```
	<div class = "oics-button" style="float: right; margin: 0 0 -15px">
	<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=secret_version_with_base64_string_secret_data&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
	<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
	</a>
	</div>
	## Example Usage - Secret Version With Base64 String Secret Data


	```hcl
	resource "google_secret_manager_secret" "secret-basic" {
	secret_id = "secret-version"

	replication {
	user_managed {
	replicas {
	location = "us-central1"
	}
	}
	}
	}

	resource "google_secret_manager_secret_version" "secret-version-base64" {
	secret = google_secret_manager_secret.secret-basic.id

	is_secret_data_base64 = true
	secret_data = filebase64("secret-data.pfx")
	}
	```

	## Argument Reference

	The following arguments are supported:


	* `secret_data` -
	(Required)
	The secret data. Must be no larger than 64KiB.
	Note: This property is sensitive and will not be displayed in the plan.

	* `secret` -
	(Required)
	Secret Manager secret resource


	- - -


	* `enabled` -
	(Optional)
	The current state of the SecretVersion.

	* `deletion_policy` - (Optional) The deletion policy for the secret version. Setting `ABANDON` allows the resource
	to be abandoned rather than deleted. Setting `DISABLE` allows the resource to be
	disabled rather than deleted. Default is `DELETE`. Possible values are:
	* DELETE
	* DISABLE
	* ABANDON

	* `is_secret_data_base64` - (Optional) If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.

	## Attributes Reference

	In addition to the arguments listed above, the following computed attributes are exported:

	* `id` - an identifier for the resource with format `{{name}}`

	* `name` -
	The resource name of the SecretVersion. Format:
	`projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}`

	* `version` -
	The version of the Secret.

	* `create_time` -
	The time at which the Secret was created.

	* `destroy_time` -
	The time at which the Secret was destroyed. Only present if state is DESTROYED.


	## Timeouts

	This resource provides the following
	[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

	- `create` - Default is 20 minutes.
	- `update` - Default is 20 minutes.
	- `delete` - Default is 20 minutes.

	## Import


	SecretVersion can be imported using any of these accepted formats:

	* `projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}`


	In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecretVersion using one of the formats above. For example:

	```tf
	import {
	id = "projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}"
	to = google_secret_manager_secret_version.default
	}
	```

	When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecretVersion can be imported using one of the formats above. For example:

	```
	$ terraform import google_secret_manager_secret_version.default projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}
	```