Understanding secret types
Secret types are the different types of sensitive data you can create when using Secret Manager.
This documentation page provides information about the different secret types available with the Secret Manager API, and how to use them with Terraform.
Secret types available with the API
You can create the following secret types using Secret Manager:
- Opaque: This is the default type, where the content is not restricted to any specific format. You can store any arbitrary data in an opaque secret. The table below shows an example in JSON format, but you can use any other format you want.
- Basic credentials: This secret type is a flat JSON that allows you to set a username and a password.
- Database credentials: This secret type is used to securely store and manage the credentials required for accessing a database. These credentials include a username, a password, and other relevant information such as the engine, the host, the database name, and the port.
- Certificate: This type expects a list of concatenated PEM blocks, which can include certificates, private keys, or any other PEM block types.
- SSH key: This secret type is used to store and manage SSH keys, which are used for authenticating and establishing secure connections between clients and servers over the SSH (Secure Shell) protocol. SSH keys are a pair of cryptographic keys – a private key and a public key – used to authenticate a user or service without requiring a password. With Secret Manager, only your SSH key’s private key is required.
- Key/value: This secret type is used to store and manage secrets in a simple dictionary-like structure, where each secret is represented as a key-value pair.
Expected JSON formats
The following table provides information about the expected values for each secret type.
| Secret type | Value | JSON sample |
|---|---|---|
| Basic credentials | basic_credentials | {"username": "your-username", "password": "your-password"} |
| Database credentials | database_credentials | {"engine": "mysql", "username": "your-username", "password": "your-password", "host": "<instance host name/resolvable DNS name>", "dbname": "your-database", "port": "8080"} |
| Key/value | key_value | {"key": "value", "toto": "titi"} |
| SSH key | ssh_key | {"ssh_private_key": "<ssh-private-key>"} |
| Opaque | opaque | {"opaque_data": "any-data-can-go-here"} |
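
The formats above can be checked locally before a secret version is created, so a malformed payload is caught before it is stored. The following is an added example, not code from Secret Manager or its API: the function name `validate_secret`, the `certificate` type value, the rule that every key shown in a sample is mandatory, and the simplified PEM pattern (base64 body only, no PEM headers) are assumptions.

```python
import json
import re

# Keys per type, copied from the JSON samples in the table above.
# Assumption: every key shown in a sample is mandatory.
REQUIRED_KEYS = {
    "basic_credentials": {"username", "password"},
    "database_credentials": {"engine", "username", "password",
                             "host", "dbname", "port"},
    "ssh_key": {"ssh_private_key"},
    "key_value": set(),  # free-form dictionary, no fixed keys
}
# One PEM block: matching BEGIN/END labels around a base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+[A-Za-z0-9+/=\s]+?-----END \1-----\s*")


def validate_secret(secret_type, payload):
    """Return a list of problems; an empty list means the payload passed.

    Messages name keys only, never values, so they are safe to log.
    """
    if secret_type == "opaque":
        return []  # content is not restricted to any format
    if secret_type == "certificate":
        # Valid only if the text is nothing but concatenated PEM blocks.
        leftover = PEM_BLOCK.sub("", payload).strip()
        if PEM_BLOCK.search(payload) and not leftover:
            return []
        return ["payload is not a list of concatenated PEM blocks"]
    if secret_type not in REQUIRED_KEYS:
        return ["unknown secret type: " + secret_type]
    try:
        doc = json.loads(payload)
    except ValueError:
        return ["payload is not valid JSON"]
    if not isinstance(doc, dict):
        return ["payload must be a JSON object"]
    problems = ["missing key: " + key
                for key in sorted(REQUIRED_KEYS[secret_type] - set(doc))]
    problems += ["value of key %r is nested, expected flat JSON" % key
                 for key, value in doc.items()
                 if isinstance(value, (dict, list))]
    return problems
```

Running this in a CI step or pre-apply hook keeps format errors out of stored secret versions without the secret values ever appearing in the check's output.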