A command-line interface tool for managing secrets in Google Cloud Platform's Secret Manager service with support for bulk operations using environment files.
-
List Management
- List all secrets in your GCP project
- Filter secrets by prefix
- Display creation timestamps in local timezone
-
Secret Operations
- Add/update secrets individually
- Retrieve a single secret value
- Bulk import from environment files
- Support for environment prefixes
-
Removal Capabilities
- Delete individual secrets
- Batch deletion by prefix
- Force deletion option
-
Rich Terminal Interface
- Progress indicators
- Color-coded outputs
- Operation summaries
- Interactive confirmations
$ pip install gcp-secret-manager-cli- Python >=3.8
- GCP project with Secret Manager API enabled
- Configured GCP credentials
Create a .env file in your project root:
PROJECT_ID=your-gcp-project-id # Required: Your GCP Project ID
TZ=Asia/Taipei # Optional: Timezone for timestamps (default: UTC)
The CLI provides two command aliases:
gcp-secrets: Full command namesm: Short alias (Secret Manager)
β― sm
π Secret Manager CLI ToolPlace the following variables in the .env file to reduce the number of commands needed when using the CLI.
| Setting | Description |
|---|---|
| PROJECT_ID | GCP Project ID for Secret Manager operations |
| TZ | Timezone for displaying timestamps (default: UTC) |
| Command | Description |
|---|---|
| add | Add secrets from file or command line |
| remove (rm) | Remove secrets by prefix or key |
| list (ls) | List all secrets |
| get | Get single secret |
# If .env file does not have PROJECT_ID configured
$ sm list -P PROJECT_ID # Specify PROJECT_ID# From environment file
$ sm add -e # Add from default .env file
$ sm add -e .env.dev # Add from specific env file
$ sm add -e .env.dev -p DEV # Add with prefix (underscore will be added automatically: DEV_APP_VER)
# Single secret
$ sm add DB_URL "mysql://localhost" # Add single secret# From environment file
$ sm remove -e # Remove from default .env file
$ sm remove -e .env.dev # Remove from specific env file
# By prefix or key
$ sm remove -p DEV # Remove by prefix (underscore will be added automatically)
$ sm remove DB_URL # Remove single secret
$ sm rm -f -p TEST # Force remove by prefix without confirmation
# Remove all secrets
$ sm rm --all # Remove all secrets (β οΈ DANGEROUS)
$ sm rm --all -f # Force remove all secrets without confirmation$ sm list # List all secrets
$ sm list -p DEV # List secrets with prefix (underscore will be added automatically)
$ sm ls -p TEST # List secrets with prefix (alias)$ sm get DB_URL # Get single secret value-P, --project-id: Override GCP project ID--version: Show version
-e, --env-file: Source env file-p, --prefix: Add prefix to secret namesKEY VALUE: Add single secret
-e, --env-file: Remove from env file-p, --prefix: Remove by prefix--all: Remove all secrets (β οΈ DANGEROUS)-f, --force: Skip confirmationKEY: Remove single secret
-p, --prefix: Filter secrets by prefix
KEY: Retrieve single secret value
git clone https://github.com/TaiwanBigdata/gcp-secret-manager-cli.git
cd gcp-secret-manager-cli
python -m venv env
source env/bin/activate # Linux/Mac
pip install -e .- google-api-core>=2.23.0
- google-cloud-secret-manager>=2.21.1
- rich>=13.9.4
- click>=8.1.7
- python-dotenv>=1.0.1
This project is licensed under the MIT License.
gcp-secret-manager-cli/
βββ src/
β βββ gcp_secret_manager_cli/
β βββ core/
β β βββ client.py
β β βββ manager.py
β βββ utils/
β β βββ console.py
β β βββ env.py
β βββ __main__.py
β βββ cli.py
βββ LICENSE
βββ pyproject.toml
βββ readgen.toml
βββ README.md
βββ requirements.txt
This document was automatically generated by ReadGen.