This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 15 changed files with 444 additions and 0 deletions.
@@ -0,0 +1,116 @@ | ||
--- | ||
title: "Steampipe Table: gcp_secret_manager_secret - Query Google Cloud Platform Secret Manager Secrets using SQL" | ||
description: "Allows users to query Secret Manager secrets in Google Cloud Platform, providing details about the secrets stored within Secret Manager." | ||
--- | ||
|
||
# Table: gcp_secret_manager_secret - Query Google Cloud Platform Secret Manager Secrets using SQL | ||
|
||
A Secret Manager Secret in Google Cloud Platform is a secure place to store and manage sensitive information, such as API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud. | ||
|
||
## Table Usage Guide | ||
|
||
The `gcp_secret_manager_secret` table provides insights into secrets stored within the Google Cloud Secret Manager. As a security engineer, you can explore secret-specific details through this table, including the associated project, creation time, expiration time, and other metadata. Utilize it to understand the distribution and lifecycle of secrets for better management and security. | ||
|
||
## Examples | ||
|
||
### List all secrets in a specific project | ||
Identify all the secrets stored within a specific Google Cloud project. This is useful for auditing and managing secrets within your project. | ||
|
||
```sql+postgres | ||
select | ||
name, | ||
project, | ||
create_time, | ||
expire_time | ||
from | ||
gcp_secret_manager_secret | ||
where | ||
project = 'my-gcp-project'; | ||
``` | ||
|
||
```sql+sqlite | ||
select | ||
name, | ||
project, | ||
create_time, | ||
expire_time | ||
from | ||
gcp_secret_manager_secret | ||
where | ||
project = 'my-gcp-project'; | ||
``` | ||
|
||
### Find secrets that are about to expire | ||
Identify secrets that are nearing their expiration date. This is useful for proactively managing and rotating secrets to maintain security. | ||
|
||
```sql+postgres | ||
select | ||
name, | ||
project, | ||
expire_time | ||
from | ||
gcp_secret_manager_secret | ||
where | ||
expire_time < now() + interval '30 days'; | ||
``` | ||
|
||
```sql+sqlite | ||
select | ||
name, | ||
project, | ||
expire_time | ||
from | ||
gcp_secret_manager_secret | ||
where | ||
expire_time < datetime('now', '+30 days'); | ||
``` | ||
|
||
### Get details of a specific secret | ||
Retrieve detailed information about a specific secret, including its labels, annotations, and replication policy. | ||
|
||
```sql+postgres | ||
select | ||
name, | ||
labels, | ||
annotations, | ||
replication, | ||
ttl | ||
from | ||
gcp_secret_manager_secret | ||
where | ||
name = 'my-secret'; | ||
``` | ||
|
||
```sql+sqlite | ||
select | ||
name, | ||
labels, | ||
annotations, | ||
replication, | ||
ttl | ||
from | ||
gcp_secret_manager_secret | ||
where | ||
name = 'my-secret'; | ||
``` | ||
|
||
### Get user managed replication details of secrets | ||
Retrieve replication details about the secrets. | ||
|
||
```sql+postgres | ||
select | ||
name, | ||
create_time, | ||
replication -> 'userManaged' -> 'replicas' as user_managed_replicas | ||
from | ||
gcp_secret_manager_secret; | ||
``` | ||
|
||
```sql+sqlite | ||
select | ||
name, | ||
create_time, | ||
json_extract(replication, '$.userManaged.replicas') as user_managed_replicas | ||
from | ||
gcp_secret_manager_secret; | ||
``` |
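Review bot: The "Find secrets that are about to expire" queries also return secrets whose expiry has already passed, because `expire_time < now() + interval '30 days'` has no lower bound; if the intent is the 30-day window ahead, use `expire_time between now() and now() + interval '30 days'` (and the matching `datetime('now')` lower bound in the SQLite variant). Both forms also silently drop secrets with a null `expire_time`, which are usually the ones that never get rotated, so the explanatory line should say that or the query should surface them separately. Every column the examples select (`name`, `project`, `create_time`, `expire_time`, `labels`, `annotations`, `replication`, `ttl`) is secret metadata; if the table exposes no payload column, stating that in the Table Usage Guide would answer the first question a reader will have before granting access to it. The "Get user managed replication details" query returns a null `user_managed_replicas` for secrets using automatic replication; a one-line remark under that heading would prevent readers from reading null as "no replicas".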
Empty file.
gcp-test/tests/gcp_secret_manager_secret/test-get-expected.json: 7 changes (7 additions & 0 deletions)
@@ -0,0 +1,7 @@ | ||
[ | ||
{ | ||
"name": "{{ output.resource_name.value }}", | ||
"project": "{{ output.project_id.value }}", | ||
"title": "{{ output.resource_id.value }}" | ||
} | ||
] |
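Review bot: The expected `project` value is `output.project_id`, which the `variables.tf` in this commit sets to `var.gcp_project` (the project ID string), while the expected `title` is `output.resource_id`, which is built from `data.google_project.current.number`. The test therefore passes only if the table's `project` column reports the project ID rather than the project number; if that is the intended contract, a short note in the column documentation would make it explicit.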
@@ -0,0 +1,3 @@ | ||
select name, title, project | ||
from gcp.gcp_secret_manager_secret | ||
where name = '{{ output.resource_name.value }}' |
gcp-test/tests/gcp_secret_manager_secret/test-list-expected.json: 6 changes (6 additions & 0 deletions)
@@ -0,0 +1,6 @@ | ||
[ | ||
{ | ||
"name": "{{ output.resource_name.value }}", | ||
"title": "{{ output.resource_id.value }}" | ||
} | ||
] |
@@ -0,0 +1,3 @@ | ||
select name, title | ||
from gcp.gcp_secret_manager_secret | ||
where akas::text = '["{{ output.resource_aka.value }}"]' |
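Review bot: `akas::text = '["{{ output.resource_aka.value }}"]'` compares the text serialization of a JSON array against a hand-built string, so it depends on exact formatting (no whitespace, a single element, element order) and breaks as soon as the column gains a second AKA. If `akas` is a jsonb column, a membership test such as `akas ? '{{ output.resource_aka.value }}'` or `akas @> '["{{ output.resource_aka.value }}"]'::jsonb` checks what the test actually cares about and is the usual form for these fixtures.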
gcp-test/tests/gcp_secret_manager_secret/test-not-found-expected.json: 1 change (1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
[] |
gcp-test/tests/gcp_secret_manager_secret/test-not-found-query.sql: 3 changes (3 additions & 0 deletions)
@@ -0,0 +1,3 @@ | ||
select name | ||
from gcp.gcp_secret_manager_secret | ||
where name = 'dummy-{{ output.resource_name.value }}' |
gcp-test/tests/gcp_secret_manager_secret/test-turbot-expected.json: 6 changes (6 additions & 0 deletions)
@@ -0,0 +1,6 @@ | ||
[ | ||
{ | ||
"akas": ["{{ output.resource_aka.value }}"], | ||
"title": "{{ output.resource_id.value }}" | ||
} | ||
] |
gcp-test/tests/gcp_secret_manager_secret/test-turbot-query.sql: 3 changes (3 additions & 0 deletions)
@@ -0,0 +1,3 @@ | ||
select title, akas | ||
from gcp.gcp_secret_manager_secret | ||
where name = '{{ output.resource_name.value }}' |
@@ -0,0 +1 @@ | ||
{} |
@@ -0,0 +1,78 @@ | ||
|
||
variable "resource_name" { | ||
type = string | ||
default = "turbot-test-20200125-create-update" | ||
description = "Name of the resource used throughout the test." | ||
} | ||
|
||
variable "gcp_project" { | ||
type = string | ||
default = "parker-aaa" | ||
description = "GCP project used for the test." | ||
} | ||
|
||
data "google_project" "current" {} | ||
|
||
variable "gcp_region" { | ||
type = string | ||
default = "us-east1" | ||
description = "GCP region used for the test." | ||
} | ||
|
||
variable "gcp_zone" { | ||
type = string | ||
default = "us-east1-b" | ||
} | ||
|
||
provider "google" { | ||
project = var.gcp_project | ||
region = var.gcp_region | ||
zone = var.gcp_zone | ||
} | ||
|
||
data "google_client_config" "current" {} | ||
|
||
data "null_data_source" "resource" { | ||
inputs = { | ||
scope = "gcp://cloudresourcemanager.googleapis.com/projects/${data.google_client_config.current.project}" | ||
} | ||
} | ||
|
||
resource "google_secret_manager_secret" "named_test_resource" { | ||
secret_id = var.resource_name | ||
|
||
labels = { | ||
label = var.resource_name | ||
} | ||
|
||
replication { | ||
user_managed { | ||
replicas { | ||
location = "us-central1" | ||
} | ||
replicas { | ||
location = "us-east1" | ||
} | ||
} | ||
} | ||
} | ||
|
||
output "resource_aka" { | ||
value = "gcp://secretmanager.googleapis.com/projects/${data.google_project.current.number}/secrets/${var.resource_name}" | ||
} | ||
|
||
output "resource_id" { | ||
value = "projects/${data.google_project.current.number}/secrets/${var.resource_name}" | ||
} | ||
|
||
output "resource_name" { | ||
value = var.resource_name | ||
} | ||
|
||
output "project_id" { | ||
value = var.gcp_project | ||
} | ||
|
||
output "project_number" { | ||
value = data.google_project.current.number | ||
} |
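Review bot: `data "null_data_source" "resource"` computes a `scope` value that no output or resource in this file references, and `null_data_source` is deprecated in the null provider in favour of a `locals` block, so the data source can simply be dropped. The test secret also sets neither `ttl` nor `expire_time`, so the "secrets about to expire" and `ttl` examples added to the docs in this same commit are never exercised by the fixture; giving `google_secret_manager_secret.named_test_resource` a short `ttl` would populate `expire_time` and let an expected-output file cover that path. Minor: `variable "gcp_zone"` is the only variable without a `description`, unlike the three above it.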