# Secrets ## CreateSecret `client.Secrets.New(ctx, body) (*SecretNewResponse, error)` **post** `/gitpod.v1.SecretService/CreateSecret` Creates a new secret for a project. Use this method to: - Store sensitive configuration values - Set up environment variables - Configure registry authentication - Add file-based secrets ### Examples - Create environment variable: Creates a secret that will be available as an environment variable. ```yaml name: "DATABASE_URL" projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047" value: "postgresql://user:pass@localhost:5432/db" environmentVariable: true ``` - Create file secret: Creates a secret that will be mounted as a file. ```yaml name: "SSH_KEY" projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047" value: "-----BEGIN RSA PRIVATE KEY-----\n..." filePath: "/home/gitpod/.ssh/id_rsa" ``` - Create registry auth: Creates credentials for private container registry. ```yaml name: "DOCKER_AUTH" projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047" value: "username:password" containerRegistryBasicAuthHost: "https://registry.example.com" ``` ### Parameters - `body SecretNewParams` - `APIOnly param.Field[bool]` api_only indicates the secret is only available via API/CLI. These secrets are NOT automatically injected into services or devcontainers. Useful for secrets that should only be consumed programmatically (e.g., by security agents). - `ContainerRegistryBasicAuthHost param.Field[string]` secret will be mounted as a docker config in the environment VM, mount will have the docker registry host - `EnvironmentVariable param.Field[bool]` secret will be created as an Environment Variable with the same name as the secret - `FilePath param.Field[string]` absolute path to the file where the secret is mounted value must be an absolute path (e.g. /path/to/file): ``` this.matches('^/[^/].*$') ``` - `Name param.Field[string]` - `ProjectID param.Field[string]` project_id is the ProjectID this Secret belongs to Deprecated: use scope instead - `Scope param.Field[SecretScope]` scope is the scope of the secret - `Value param.Field[string]` value is the plaintext value of the secret ### Returns - `type SecretNewResponse struct{…}` - `Secret Secret` - `ID string` - `APIOnly bool` api_only indicates the secret is only available via API/CLI - `ContainerRegistryBasicAuthHost string` secret will be mounted as a registry secret - `CreatedAt Time` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `Creator Subject` creator is the identity of the creator of the secret - `ID string` id is the UUID of the subject - `Principal Principal` Principal is the principal of the subject - `const PrincipalUnspecified Principal = "PRINCIPAL_UNSPECIFIED"` - `const PrincipalAccount Principal = "PRINCIPAL_ACCOUNT"` - `const PrincipalUser Principal = "PRINCIPAL_USER"` - `const PrincipalRunner Principal = "PRINCIPAL_RUNNER"` - `const PrincipalEnvironment Principal = "PRINCIPAL_ENVIRONMENT"` - `const PrincipalServiceAccount Principal = "PRINCIPAL_SERVICE_ACCOUNT"` - `const PrincipalRunnerManager Principal = "PRINCIPAL_RUNNER_MANAGER"` - `EnvironmentVariable bool` secret will be created as an Environment Variable with the same name as the secret - `FilePath string` absolute path to the file where the secret is mounted - `Name string` Name of the secret for humans. - `ProjectID string` The Project ID this Secret belongs to Deprecated: use scope instead - `Scope SecretScope` - `OrganizationID string` organization_id is the Organization ID this Secret belongs to - `ProjectID string` project_id is the Project ID this Secret belongs to - `ServiceAccountID string` service_account_id is the Service Account ID this Secret belongs to - `UserID string` user_id is the User ID this Secret belongs to - `UpdatedAt Time` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. ### Example ```go package main import ( "context" "fmt" "github.com/gitpod-io/gitpod-sdk-go" "github.com/gitpod-io/gitpod-sdk-go/option" ) func main() { client := gitpod.NewClient( option.WithBearerToken("My Bearer Token"), ) secret, err := client.Secrets.New(context.TODO(), gitpod.SecretNewParams{ EnvironmentVariable: gitpod.F(true), Name: gitpod.F("DATABASE_URL"), ProjectID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"), Value: gitpod.F("postgresql://user:pass@localhost:5432/db"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", secret.Secret) } ``` #### Response ```json { "secret": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "apiOnly": true, "containerRegistryBasicAuthHost": "https://example.com", "createdAt": "2019-12-27T18:11:19.117Z", "creator": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" }, "environmentVariable": true, "filePath": "filePath", "name": "name", "projectId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "scope": { "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "projectId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "serviceAccountId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "userId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" }, "updatedAt": "2019-12-27T18:11:19.117Z" } } ``` ## DeleteSecret `client.Secrets.Delete(ctx, body) (*SecretDeleteResponse, error)` **post** `/gitpod.v1.SecretService/DeleteSecret` Deletes a secret permanently. Use this method to: - Remove unused secrets - Clean up old credentials ### Examples - Delete secret: Permanently removes a secret. ```yaml secretId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Parameters - `body SecretDeleteParams` - `SecretID param.Field[string]` ### Returns - `type SecretDeleteResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/gitpod-io/gitpod-sdk-go" "github.com/gitpod-io/gitpod-sdk-go/option" ) func main() { client := gitpod.NewClient( option.WithBearerToken("My Bearer Token"), ) secret, err := client.Secrets.Delete(context.TODO(), gitpod.SecretDeleteParams{ SecretID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", secret) } ``` #### Response ```json {} ``` ## GetSecretValue `client.Secrets.GetValue(ctx, body) (*SecretGetValueResponse, error)` **post** `/gitpod.v1.SecretService/GetSecretValue` Gets the value of a secret. Only available to environments that are authorized to access the secret. Use this method to: - Retrieve secret values - Access credentials ### Examples - Get secret value: Retrieves the value of a specific secret. ```yaml secretId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Parameters - `body SecretGetValueParams` - `SecretID param.Field[string]` ### Returns - `type SecretGetValueResponse struct{…}` - `Value string` ### Example ```go package main import ( "context" "fmt" "github.com/gitpod-io/gitpod-sdk-go" "github.com/gitpod-io/gitpod-sdk-go/option" ) func main() { client := gitpod.NewClient( option.WithBearerToken("My Bearer Token"), ) response, err := client.Secrets.GetValue(context.TODO(), gitpod.SecretGetValueParams{ SecretID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.Value) } ``` #### Response ```json { "value": "value" } ``` ## ListSecrets `client.Secrets.List(ctx, params) (*SecretsPage[Secret], error)` **post** `/gitpod.v1.SecretService/ListSecrets` Lists secrets Use this method to: - View all project secrets - View all user secrets ### Examples - List project secrets: Shows all secrets for a project. ```yaml filter: scope: projectId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047" pagination: pageSize: 20 ``` - List user secrets: Shows all secrets for a user. ```yaml filter: scope: userId: "123e4567-e89b-12d3-a456-426614174000" pagination: pageSize: 20 ``` ### Parameters - `params SecretListParams` - `Token param.Field[string]` Query param - `PageSize param.Field[int64]` Query param - `Filter param.Field[SecretListParamsFilter]` Body param - `ProjectIDs []string` project_ids filters the response to only Secrets used by these Project IDs Deprecated: use scope instead. Values in project_ids will be ignored. - `Scope SecretScope` scope is the scope of the secrets to list - `OrganizationID string` organization_id is the Organization ID this Secret belongs to - `ProjectID string` project_id is the Project ID this Secret belongs to - `ServiceAccountID string` service_account_id is the Service Account ID this Secret belongs to - `UserID string` user_id is the User ID this Secret belongs to - `Pagination param.Field[SecretListParamsPagination]` Body param: pagination contains the pagination options for listing environments - `Token string` Token for the next set of results that was returned as next_token of a PaginationResponse - `PageSize int64` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `type Secret struct{…}` - `ID string` - `APIOnly bool` api_only indicates the secret is only available via API/CLI - `ContainerRegistryBasicAuthHost string` secret will be mounted as a registry secret - `CreatedAt Time` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `Creator Subject` creator is the identity of the creator of the secret - `ID string` id is the UUID of the subject - `Principal Principal` Principal is the principal of the subject - `const PrincipalUnspecified Principal = "PRINCIPAL_UNSPECIFIED"` - `const PrincipalAccount Principal = "PRINCIPAL_ACCOUNT"` - `const PrincipalUser Principal = "PRINCIPAL_USER"` - `const PrincipalRunner Principal = "PRINCIPAL_RUNNER"` - `const PrincipalEnvironment Principal = "PRINCIPAL_ENVIRONMENT"` - `const PrincipalServiceAccount Principal = "PRINCIPAL_SERVICE_ACCOUNT"` - `const PrincipalRunnerManager Principal = "PRINCIPAL_RUNNER_MANAGER"` - `EnvironmentVariable bool` secret will be created as an Environment Variable with the same name as the secret - `FilePath string` absolute path to the file where the secret is mounted - `Name string` Name of the secret for humans. - `ProjectID string` The Project ID this Secret belongs to Deprecated: use scope instead - `Scope SecretScope` - `OrganizationID string` organization_id is the Organization ID this Secret belongs to - `ProjectID string` project_id is the Project ID this Secret belongs to - `ServiceAccountID string` service_account_id is the Service Account ID this Secret belongs to - `UserID string` user_id is the User ID this Secret belongs to - `UpdatedAt Time` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. ### Example ```go package main import ( "context" "fmt" "github.com/gitpod-io/gitpod-sdk-go" "github.com/gitpod-io/gitpod-sdk-go/option" ) func main() { client := gitpod.NewClient( option.WithBearerToken("My Bearer Token"), ) page, err := client.Secrets.List(context.TODO(), gitpod.SecretListParams{ Filter: gitpod.F(gitpod.SecretListParamsFilter{ Scope: gitpod.F(gitpod.SecretScopeParam{ ProjectID: gitpod.F("b0e12f6c-4c67-429d-a4a6-d9838b5da047"), }), }), Pagination: gitpod.F(gitpod.SecretListParamsPagination{ PageSize: gitpod.F(int64(20)), }), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "pagination": { "nextToken": "nextToken" }, "secrets": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "apiOnly": true, "containerRegistryBasicAuthHost": "https://example.com", "createdAt": "2019-12-27T18:11:19.117Z", "creator": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "principal": "PRINCIPAL_UNSPECIFIED" }, "environmentVariable": true, "filePath": "filePath", "name": "name", "projectId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "scope": { "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "projectId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "serviceAccountId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "userId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" }, "updatedAt": "2019-12-27T18:11:19.117Z" } ] } ``` ## UpdateSecretValue `client.Secrets.UpdateValue(ctx, body) (*SecretUpdateValueResponse, error)` **post** `/gitpod.v1.SecretService/UpdateSecretValue` Updates the value of an existing secret. Use this method to: - Rotate secret values - Update credentials ### Examples - Update secret value: Changes the value of an existing secret. ```yaml secretId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" value: "new-secret-value" ``` ### Parameters - `body SecretUpdateValueParams` - `SecretID param.Field[string]` - `Value param.Field[string]` value is the plaintext value of the secret ### Returns - `type SecretUpdateValueResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/gitpod-io/gitpod-sdk-go" "github.com/gitpod-io/gitpod-sdk-go/option" ) func main() { client := gitpod.NewClient( option.WithBearerToken("My Bearer Token"), ) response, err := client.Secrets.UpdateValue(context.TODO(), gitpod.SecretUpdateValueParams{ SecretID: gitpod.F("d2c94c27-3b76-4a42-b88c-95a85e392c68"), Value: gitpod.F("new-secret-value"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json {} ``` ## Domain Types ### Secret - `type Secret struct{…}` - `ID string` - `APIOnly bool` api_only indicates the secret is only available via API/CLI - `ContainerRegistryBasicAuthHost string` secret will be mounted as a registry secret - `CreatedAt Time` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. - `Creator Subject` creator is the identity of the creator of the secret - `ID string` id is the UUID of the subject - `Principal Principal` Principal is the principal of the subject - `const PrincipalUnspecified Principal = "PRINCIPAL_UNSPECIFIED"` - `const PrincipalAccount Principal = "PRINCIPAL_ACCOUNT"` - `const PrincipalUser Principal = "PRINCIPAL_USER"` - `const PrincipalRunner Principal = "PRINCIPAL_RUNNER"` - `const PrincipalEnvironment Principal = "PRINCIPAL_ENVIRONMENT"` - `const PrincipalServiceAccount Principal = "PRINCIPAL_SERVICE_ACCOUNT"` - `const PrincipalRunnerManager Principal = "PRINCIPAL_RUNNER_MANAGER"` - `EnvironmentVariable bool` secret will be created as an Environment Variable with the same name as the secret - `FilePath string` absolute path to the file where the secret is mounted - `Name string` Name of the secret for humans. - `ProjectID string` The Project ID this Secret belongs to Deprecated: use scope instead - `Scope SecretScope` - `OrganizationID string` organization_id is the Organization ID this Secret belongs to - `ProjectID string` project_id is the Project ID this Secret belongs to - `ServiceAccountID string` service_account_id is the Service Account ID this Secret belongs to - `UserID string` user_id is the User ID this Secret belongs to - `UpdatedAt Time` A Timestamp represents a point in time independent of any time zone or local calendar, encoded as a count of seconds and fractions of seconds at nanosecond resolution. The count is relative to an epoch at UTC midnight on January 1, 1970, in the proleptic Gregorian calendar which extends the Gregorian calendar backwards to year one. All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap second table is needed for interpretation, using a [24-hour linear smear](https://developers.google.com/time/smear). The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By restricting to that range, we ensure that we can convert to and from [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. # Examples Example 1: Compute Timestamp from POSIX `time()`. Timestamp timestamp; timestamp.set_seconds(time(NULL)); timestamp.set_nanos(0); Example 2: Compute Timestamp from POSIX `gettimeofday()`. struct timeval tv; gettimeofday(&tv, NULL); Timestamp timestamp; timestamp.set_seconds(tv.tv_sec); timestamp.set_nanos(tv.tv_usec * 1000); Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. FILETIME ft; GetSystemTimeAsFileTime(&ft); UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. Timestamp timestamp; timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. long millis = System.currentTimeMillis(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) .setNanos((int) ((millis % 1000) * 1000000)).build(); Example 5: Compute Timestamp from Java `Instant.now()`. Instant now = Instant.now(); Timestamp timestamp = Timestamp.newBuilder().setSeconds(now.getEpochSecond()) .setNanos(now.getNano()).build(); Example 6: Compute Timestamp from current time in Python. timestamp = Timestamp() timestamp.GetCurrentTime() # JSON Mapping In JSON format, the Timestamp type is encoded as a string in the [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" where {year} is always expressed using four digits while {month}, {day}, {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone is required. A proto3 JSON serializer should always use UTC (as indicated by "Z") when printing the Timestamp type and a proto3 JSON parser should be able to accept both UTC and other timezones (as indicated by an offset). For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past 01:30 UTC on January 15, 2017. In JavaScript, one can convert a Date object to this format using the standard [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) method. In Python, a standard `datetime.datetime` object can be converted to this format using [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use the Joda Time's [`ISODateTimeFormat.dateTime()`](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime\(\)) to obtain a formatter capable of generating timestamps in this format. ### Secret Scope - `type SecretScope struct{…}` - `OrganizationID string` organization_id is the Organization ID this Secret belongs to - `ProjectID string` project_id is the Project ID this Secret belongs to - `ServiceAccountID string` service_account_id is the Service Account ID this Secret belongs to - `UserID string` user_id is the User ID this Secret belongs to