.TH "GCLOUD_BETA_SECRETS_CREATE" 1



.SH "NAME"
.HP
gcloud beta secrets create \- create a new secret



.SH "SYNOPSIS"
.HP
\f5gcloud beta secrets create\fR \fISECRET\fR [\fB\-\-data\-file\fR=\fIPATH\fR] [\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-location\fR=\fILOCATION\fR] [\fB\-\-regional\-kms\-key\-name\fR=\fIKMS\-KEY\-NAME\fR] [\fB\-\-set\-annotations\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-tags\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-topics\fR=[\fITOPICS\fR,...]] [\fB\-\-version\-destroy\-ttl\fR=\fIVERSION\-DESTROY\-TTL\fR] [\fB\-\-expire\-time\fR=\fIEXPIRE\-TIME\fR\ |\ \fB\-\-ttl\fR=\fITTL\fR] [\fB\-\-next\-rotation\-time\fR=\fINEXT_ROTATION_TIME\fR\ \fB\-\-rotation\-period\fR=\fIROTATION_PERIOD\fR] [\fB\-\-replication\-policy\-file\fR=\fIREPLICATION\-POLICY\-FILE\fR\ |\ \fB\-\-kms\-key\-name\fR=\fIKMS\-KEY\-NAME\fR\ \fB\-\-locations\fR=[\fILOCATION\fR,...]\ \fB\-\-replication\-policy\fR=\fIPOLICY\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(BETA)\fR Create a secret with the given name and create a secret version
with the given data, if any. Note, the created secret ends with a newline. If a
secret already exists with the given name, this command will return an error.



.SH "EXAMPLES"

Create a secret with an automatic replication policy without creating any
versions:

.RS 2m
$ gcloud beta secrets create my\-secret
.RE

Create a new secret named 'my\-secret' with an automatic replication policy and
data from a file:

.RS 2m
$ gcloud beta secrets create my\-secret \-\-data\-file=/tmp/secret
.RE

Create a new secret named 'my\-secret' in 'us\-central1' with data from a file:

.RS 2m
$ gcloud beta secrets create my\-secret \-\-data\-file=/tmp/secret \e
    \-\-replication\-policy=user\-managed \-\-locations=us\-central1
.RE

Create a new secret named 'my\-secret' in 'us\-central1' and 'us\-east1' with
the value "s3cr3t":

.RS 2m
$ printf "s3cr3t" | gcloud beta secrets create my\-secret \e
    \-\-data\-file=\- \-\-replication\-policy=user\-managed \e
    \-\-locations=us\-central1,us\-east1
.RE

Create a new secret named 'my\-secret' in 'us\-central1' and 'us\-east1' with
the value "s3cr3t" in PowerShell (Note: PowerShell will add a newline to the
resulting secret):

.RS 2m
$ Write\-Output "s3cr3t" | gcloud beta secrets create my\-secret \(ga
    \-\-data\-file=\- \-\-replication\-policy=user\-managed \(ga
    \-\-locations=us\-central1,us\-east1
.RE

Create an expiring secret with an automatic replication policy using a ttl:

.RS 2m
$ gcloud beta secrets create my\-secret \-\-ttl="600s"
.RE

Create an expiring secret with an automatic replication policy using an
expire\-time:

.RS 2m
$ gcloud beta secrets create my\-secret \e
    \-\-expire\-time="2030\-01\-01T08:15:30\-05:00"
.RE

Create a secret with an automatic replication policy and a next rotation time:

.RS 2m
$ gcloud beta secrets create my\-secret \e
    \-\-next\-rotation\-time="2030\-01\-01T15:30:00\-05:00"
.RE

Create a secret with an automatic replication policy and a rotation period:

.RS 2m
$ gcloud beta secrets create my\-secret \e
    \-\-next\-rotation\-time="2030\-01\-01T15:30:00\-05:00" \e
    \-\-rotation\-period="7200s"
.RE

Create a secret with delayed secret version destroy enabled:

.RS 2m
$ gcloud beta secrets create my\-secret \-\-version\-destroy\-ttl="86400s"
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

Secret resource \- The secret to create. This represents a Cloud resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5SECRET\fR on the command line with a fully specified
name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

This must be specified.


.RS 2m
.TP 2m
\fISECRET\fR

ID of the secret or fully qualified identifier for the secret.

To set the \f5secret\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5SECRET\fR on the command line.
.RE
.sp


.RE
.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-data\-file\fR=\fIPATH\fR

File path from which to read secret data. Set this to "\-" to read the secret
data from stdin.

.TP 2m
\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]

List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens (\f5\-\fR),
underscores (\f5_\fR), lowercase characters, and numbers. Values must contain
only hyphens (\f5\-\fR), underscores (\f5_\fR), lowercase characters, and
numbers.

.TP 2m

Location resource \- The location in which to create the secret. This
represents a Cloud resource. (NOTE) Some attributes are not given arguments in
this group but can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5\-\-location\fR on the command line with a fully
specified name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp


.RS 2m
.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

ID of the location or fully qualified identifier for the location.

To set the \f5location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-location\fR on the command line.
.RE
.sp

.RE
.sp
.TP 2m
\fB\-\-regional\-kms\-key\-name\fR=\fIKMS\-KEY\-NAME\fR

Regional KMS key with which to encrypt and decrypt the secret. Only valid for
regional secrets.

.TP 2m

Annotations


.RS 2m
.TP 2m
\fB\-\-set\-annotations\fR=[\fIKEY\fR=\fIVALUE\fR,...]

List of key\-value pairs to set as Annotations. All existing Annotations will be
removed first.

.RE
.sp
.TP 2m
\fB\-\-tags\fR=[\fIKEY\fR=\fIVALUE\fR,...]

List of tag KEY=VALUE pairs to bind. Each item must be expressed as
\f5<tag\-key\-namespaced\-name>=<tag\-value\-short\-name>\fR.

Example: \f5123/environment=production,123/costCenter=marketing\fR

.TP 2m
\fB\-\-topics\fR=[\fITOPICS\fR,...]

List of Pub/Sub topics to configure on the secret.

.TP 2m
\fB\-\-version\-destroy\-ttl\fR=\fIVERSION\-DESTROY\-TTL\fR

Secret Version Time To Live (TTL) after destruction request. For a secret with
TTL>0, version destruction does not happen immediately on calling destroy;
instead, the version goes to a disabled state and destruction happens after the
TTL expires. See \f5$ gcloud topic datetimes\fR for information on duration
formats.

.TP 2m

Expiration.

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-expire\-time\fR=\fIEXPIRE\-TIME\fR

Timestamp at which to automatically delete the secret.

.TP 2m
\fB\-\-ttl\fR=\fITTL\fR

Duration of time (in seconds) from the running of the command until the secret
is automatically deleted.

.RE
.sp
.TP 2m

Rotation.


.RS 2m
.TP 2m
\fB\-\-next\-rotation\-time\fR=\fINEXT_ROTATION_TIME\fR

Timestamp at which to send rotation notification.

.TP 2m
\fB\-\-rotation\-period\fR=\fIROTATION_PERIOD\fR

Duration of time (in seconds) between rotation notifications.

.RE
.sp
.TP 2m

Replication policy.

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-replication\-policy\-file\fR=\fIREPLICATION\-POLICY\-FILE\fR

JSON or YAML file to use to read the replication policy. The file must conform
to
https://cloud.google.com/secret\-manager/docs/reference/rest/v1/projects.secrets#replication.
Set this to "\-" to read from stdin.

.TP 2m

Inline replication arguments.


.RS 2m
.TP 2m
\fB\-\-kms\-key\-name\fR=\fIKMS\-KEY\-NAME\fR

Global KMS key with which to encrypt and decrypt the secret. Only valid for
secrets with an automatic replication policy.

.TP 2m
\fB\-\-locations\fR=[\fILOCATION\fR,...]

Comma\-separated list of locations in which the secret should be replicated.

.TP 2m
\fB\-\-replication\-policy\fR=\fIPOLICY\fR

The type of replication policy to apply to this secret. Allowed values are
"automatic" and "user\-managed". If user\-managed then \-\-locations must also
be provided.


.RE
.RE
.RE
.sp
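
A pre-flight check for the flag constraints listed above, as an added example that is not part of the gcloud documentation or tooling: the hypothetical helper preflight_secret_flags rejects flag combinations this page describes as invalid, without calling gcloud. It assumes flags are passed in --flag=value form and that a regional secret is one created with --location.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of gcloud): checks the flag
# rules stated in this man page before `gcloud beta secrets create` is run.
# Accepts --flag=value arguments only; returns 0 if no rule is violated.
preflight_secret_flags() (
    LC_ALL=C; export LC_ALL; set -f      # ASCII-only [a-z]; no globbing
    fail() { echo "rejected: $1" >&2; exit 1; }
    expire= ttl= policy= locations= kms= rkms= location= pfile= labels=
    for arg in "$@"; do
        case $arg in
            --expire-time=*)             expire=1 ;;
            --ttl=*)                     ttl=1 ;;
            --replication-policy=*)      policy=${arg#*=} ;;
            --locations=*)               locations=${arg#*=} ;;
            --kms-key-name=*)            kms=1 ;;
            --regional-kms-key-name=*)   rkms=1 ;;
            --location=*)                location=1 ;;
            --replication-policy-file=*) pfile=1 ;;
            --labels=*)                  labels=${arg#*=} ;;
        esac
    done
    if [ -n "$expire" ] && [ -n "$ttl" ]; then
        fail "at most one of --expire-time and --ttl"; fi
    if [ -n "$pfile" ] && [ -n "$policy$locations$kms" ]; then
        fail "--replication-policy-file excludes the inline replication flags"; fi
    case $policy in
        ''|automatic) ;;
        user-managed) [ -n "$locations" ] || fail "user-managed needs --locations"
                      [ -z "$kms" ] || fail "--kms-key-name is for automatic replication" ;;
        *) fail "--replication-policy must be automatic or user-managed" ;;
    esac
    # Assumption: "regional secret" means one created with --location.
    if [ -n "$rkms" ] && [ -z "$location" ]; then
        fail "--regional-kms-key-name needs --location"; fi
    IFS=,                                 # split --labels on commas
    for pair in $labels; do
        key=${pair%%=*} val=${pair#*=}
        case $pair in *=*) ;; *) fail "label '$pair' is not KEY=VALUE" ;; esac
        case $key in [a-z]*) ;; *) fail "label key '$key' must start lowercase" ;; esac
        case $key$val in *[!a-z0-9_-]*) fail "label '$pair' has a disallowed character" ;; esac
    done
    exit 0
)

# Constructed invocation: both expiry flags are given, so this is rejected.
preflight_secret_flags --ttl=600s --expire-time=2030-01-01T08:15:30-05:00 || true
```

The label check follows the character rules exactly as this page states them, so it may be stricter than what the service itself accepts.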

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in beta and might change without notice. This variant
is also available:

.RS 2m
$ gcloud secrets create
.RE