Gathering detailed insights and metrics for @google-cloud/secret-manager
Gathering detailed insights and metrics for @google-cloud/secret-manager
Google Cloud Client Library for Node.js
Installations
npm install @google-cloud/secret-managerDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=18
Node Version
18.20.8
NPM Version
10.8.2
Releases
3,030
maintenance-api: v0.1.0
maintenance-api-v0.1.0
Updated on Jul 10, 2025
subscriptions: v0.1.0
subscriptions-v0.1.0
Updated on Jul 10, 2025
storagebatchoperations: v0.1.0
storagebatchoperations-v0.1.0
Updated on Jul 10, 2025
lustre: v0.1.0
lustre-v0.1.0
Updated on Jul 10, 2025
devicestreaming: v0.2.0
devicestreaming-v0.2.0
Updated on Jul 10, 2025
chronicle: v0.2.0
chronicle-v0.2.0
Updated on Jul 10, 2025
Languages
6
TypeScript
JavaScript
Shell
Python
Dockerfile
Nunjucks
TypeScript (89.53%)
JavaScript (10.44%)
Shell (0.01%)
Python (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
Apache-2.0 License
3,042 Stars
25,206 Commits
626 Forks
190 Watchers
260 Branches
349 Contributors
Updated on Jul 15, 2025
Maintainers
2
Package Meta Information
Latest Version
6.1.0
Package Id
@google-cloud/secret-manager@6.1.0
Unpacked Size
4.10 MB
Size
262.33 kB
File Count
35
NPM Version
10.8.2
Node Version
18.20.8
Published on
Jul 10, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Secret Manager: Node.js Client
Secrets client for Node.js
A comprehensive list of changes in each version may be found in the CHANGELOG.
- Secret Manager Node.js Client API Reference
- Secret Manager Documentation
- github.com/googleapis/google-cloud-node/packages/google-cloud-secretmanager
Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.
Table of contents:
Quickstart
Before you begin
- Select or create a Cloud Platform project.
- Enable billing for your project.
- Enable the Secret Manager API.
- Set up authentication so you can access the API from your local workstation.
Installing the client library
1npm install @google-cloud/secret-manager
Samples
Samples are in the samples/ directory. Each sample's README.md has instructions for running its sample.
| Sample | Source Code | Try it |
|---|---|---|
| Secret_manager_service.access_secret_version | source code |  |
| Secret_manager_service.add_secret_version | source code | |
| Secret_manager_service.create_secret | source code | |
| Secret_manager_service.delete_secret | source code | |
| Secret_manager_service.destroy_secret_version | source code | |
| Secret_manager_service.disable_secret_version | source code | |
| Secret_manager_service.enable_secret_version | source code | |
| Secret_manager_service.get_iam_policy | source code | |
| Secret_manager_service.get_secret | source code | |
| Secret_manager_service.get_secret_version | source code | |
| Secret_manager_service.list_secret_versions | source code | |
| Secret_manager_service.list_secrets | source code | |
| Secret_manager_service.set_iam_policy | source code | |
| Secret_manager_service.test_iam_permissions | source code | |
| Secret_manager_service.update_secret | source code | |
| Secret_manager_service.access_secret_version | source code | |
| Secret_manager_service.add_secret_version | source code | |
| Secret_manager_service.create_secret | source code | |
| Secret_manager_service.delete_secret | source code | |
| Secret_manager_service.destroy_secret_version | source code | |
| Secret_manager_service.disable_secret_version | source code | |
| Secret_manager_service.enable_secret_version | source code | |
| Secret_manager_service.get_iam_policy | source code | |
| Secret_manager_service.get_secret | source code | |
| Secret_manager_service.get_secret_version | source code | |
| Secret_manager_service.list_secret_versions | source code | |
| Secret_manager_service.list_secrets | source code | |
| Secret_manager_service.set_iam_policy | source code | |
| Secret_manager_service.test_iam_permissions | source code | |
| Secret_manager_service.update_secret | source code | |
| Quickstart | source code | |
The Secret Manager Node.js Client API Reference documentation also contains samples.
Supported Node.js Versions
Our client libraries follow the Node.js release schedule. Libraries are compatible with all current active and maintenance versions of Node.js. If you are using an end-of-life version of Node.js, we recommend that you update as soon as possible to an actively supported LTS version.
Google's client libraries support legacy versions of Node.js runtimes on a best-efforts basis with the following warnings:
- Legacy versions are not tested in continuous integration.
- Some security patches and features cannot be backported.
- Dependencies cannot be kept up-to-date.
Client libraries targeting some end-of-life versions of Node.js are available, and
can be installed through npm dist-tags.
The dist-tags follow the naming convention legacy-(version).
For example, npm install @google-cloud/secret-manager@legacy-8 installs client libraries
for versions compatible with Node.js 8.
Versioning
This library follows Semantic Versioning.
This library is considered to be stable. The code surface will not change in backwards-incompatible ways unless absolutely necessary (e.g. because of critical security issues) or with an extensive deprecation period. Issues and requests against stable libraries are addressed with the highest priority.
More Information: Google Cloud Platform Launch Stages
Contributing
Contributions welcome! See the Contributing Guide.
Please note that this README.md, the samples/README.md,
and a variety of configuration files in this repository (including .nycrc and tsconfig.json)
are generated from a central template. To edit one of these files, make an edit
to its templates in
directory.
License
Apache Version 2.0
See LICENSE
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no binaries found in the repo
Reason
1 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/continuous.yaml:1
- Warn: no topLevel permission defined: .github/workflows/issues-no-repro.yaml:1
- Warn: no topLevel permission defined: .github/workflows/presubmit.yaml:1
- Warn: no topLevel permission defined: .github/workflows/response.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-api-list.yaml:1
- Info: no jobLevel write permissions found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continuous.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/continuous.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/continuous.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/continuous.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues-no-repro.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/issues-no-repro.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues-no-repro.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/issues-no-repro.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues-no-repro.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/issues-no-repro.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/presubmit.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/presubmit.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/presubmit.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/response.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/response.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/response.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/response.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/response.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-api-list.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/update-api-list.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-api-list.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/update-api-list.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-api-list.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/googleapis/google-cloud-node/update-api-list.yaml/main?enable=pin
- Warn: containerImage not pinned by hash: ci/Dockerfile:18
- Warn: containerImage not pinned by hash: ci/Dockerfile:37
- Warn: containerImage not pinned by hash: containers/node-bootstrap-container/Dockerfile:19
- Warn: containerImage not pinned by hash: containers/node-bootstrap-container/Dockerfile:23
- Warn: downloadThenRun not pinned by hash: ci/Dockerfile:35
- Warn: goCommand not pinned by hash: containers/node-bootstrap-container/Dockerfile:21
- Warn: npmCommand not pinned by hash: containers/node-bootstrap-container/Dockerfile:27
- Warn: npmCommand not pinned by hash: containers/node-bootstrap-container/entrypoint.sh:19
- Warn: npmCommand not pinned by hash: packages/google-cloud-secretmanager/ci/cloudbuild/test.sh:21
- Warn: npmCommand not pinned by hash: packages/google-cloud-secretmanager/ci/cloudbuild/test.sh:26
- Warn: npmCommand not pinned by hash: packages/google-cloud-secretmanager/ci/cloudbuild/test.sh:35
- Warn: npmCommand not pinned by hash: .github/workflows/issues-no-repro.yaml:18
- Warn: npmCommand not pinned by hash: .github/workflows/update-api-list.yaml:15
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 0 out of 1 goCommand dependencies pinned
- Info: 0 out of 7 npmCommand dependencies pinned
- Info: 0 out of 4 containerImage dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More