google-cloud-secret_manager-v1 0.4.2 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4bb51798c84c86d7ef19644cdf0462bbc65cd85ad9d139a9a2f267bd29b7cbaf
-  data.tar.gz: 79b59c3905d686cfdda416f793fce81bde1a998af9b43bc547ea9dd196b9167e
+  metadata.gz: bf03cd5041b88a10cdc8648e70d6286e77a5eb6255873b22233d232d749d9d04
+  data.tar.gz: 0b7d87e1e5fc9e93130d2acad124dc6f2023879c993b503e03fb43b654325fb1
 SHA512:
-  metadata.gz: d8aa4cacc6d510414937a8d8b8a7e90bc78f592115f0d33d2c6f998d0ea553ba944d1c004327b54308d8f52b899c3e68b566e1dc13bc1a375971322f1a560fb1
-  data.tar.gz: 2d0819cb3b0377de4738c0bee0359617721cc258c716e8e37020e47f93dae868fda864223cebf9f6fb75d26c9965988aa8e4f5c876ecdd8b59392b8a16057c6f
+  metadata.gz: db62de628ee454c81f5b7b46cb96fbc1d304ae3b2ffd8a700be85b77876cbca05aa15a6df8c7cdaf357e05f7ee043552f37f7f8fbcdff72d11896ad5a6b3509a
+  data.tar.gz: d3a282e5589d7d86c1ec1235239670769e8e21f90d40dbbfeabbef1b28b937415dfdb65c377a2cd1ead9ad810de3636c182844884c284f4c5fc4c7794d882e55

data/README.md

@@ -18,6 +18,7 @@ In order to use this library, you first need to go through the following steps:
 
 1. [Select or create a Cloud Platform project.](https://console.cloud.google.com/project)
 1. [Enable billing for your project.](https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project)
+1. [Enable the API.](https://console.cloud.google.com/apis/library/secretmanager.googleapis.com)
 1. {file:AUTHENTICATION.md Set up authentication.}
 
 ## Quick Start
@@ -33,6 +34,9 @@ response = client.list_secrets request
 View the [Client Library Documentation](https://googleapis.dev/ruby/google-cloud-secret_manager-v1/latest)
 for class and method documentation.
 
+See also the [Product Documentation](https://cloud.google.com/secret-manager)
+for general usage information.
+
 ## Enabling Logging
 
 To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.

data/lib/google/cloud/secret_manager/v1.rb

@@ -33,3 +33,6 @@ module Google
     end
   end
 end
+
+helper_path = ::File.join __dir__, "v1", "_helpers.rb"
+require "google/cloud/secret_manager/v1/_helpers" if ::File.file? helper_path

data/lib/google/cloud/secret_manager/v1/secret_manager_service/client.rb

@@ -92,7 +92,7 @@ module Google
                   initial_delay: 1.0,
                   max_delay:     60.0,
                   multiplier:    1.3,
-                  retry_codes:   ["UNAVAILABLE", "UNKNOWN"]
+                  retry_codes:   [14, 2]
                 }
 
                 default_config.rpcs.disable_secret_version.timeout = 60.0
@@ -1347,7 +1347,7 @@ module Google
 
               config_attr :endpoint,      "secretmanager.googleapis.com", ::String
               config_attr :credentials,   nil do |value|
-                allowed = [::String, ::Hash, ::Proc, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
+                allowed = [::String, ::Hash, ::Proc, ::Symbol, ::Google::Auth::Credentials, ::Signet::OAuth2::Client, nil]
                 allowed += [::GRPC::Core::Channel, ::GRPC::Core::ChannelCredentials] if defined? ::GRPC
                 allowed.any? { |klass| klass === value }
               end
@@ -1387,7 +1387,7 @@ module Google
               # Each configuration object is of type `Gapic::Config::Method` and includes
               # the following configuration fields:
               #
-              #  *  `timeout` (*type:* `Numeric`) - The call timeout in milliseconds
+              #  *  `timeout` (*type:* `Numeric`) - The call timeout in seconds
               #  *  `metadata` (*type:* `Hash{Symbol=>String}`) - Additional gRPC headers
               #  *  `retry_policy (*type:* `Hash`) - The retry policy. The policy fields
               #     include the following keys:

data/lib/google/cloud/secret_manager/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module SecretManager
       module V1
-        VERSION = "0.4.2"
+        VERSION = "0.5.1"
       end
     end
   end

data/lib/google/cloud/secretmanager/v1/resources_pb.rb

@@ -20,6 +20,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :create_time, :message, 2, "google.protobuf.Timestamp"
       optional :destroy_time, :message, 3, "google.protobuf.Timestamp"
       optional :state, :enum, 4, "google.cloud.secretmanager.v1.SecretVersion.State"
+      optional :replication_status, :message, 5, "google.cloud.secretmanager.v1.ReplicationStatus"
     end
     add_enum "google.cloud.secretmanager.v1.SecretVersion.State" do
       value :STATE_UNSPECIFIED, 0
@@ -34,12 +35,36 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       end
     end
     add_message "google.cloud.secretmanager.v1.Replication.Automatic" do
+      optional :customer_managed_encryption, :message, 1, "google.cloud.secretmanager.v1.CustomerManagedEncryption"
     end
     add_message "google.cloud.secretmanager.v1.Replication.UserManaged" do
       repeated :replicas, :message, 1, "google.cloud.secretmanager.v1.Replication.UserManaged.Replica"
     end
     add_message "google.cloud.secretmanager.v1.Replication.UserManaged.Replica" do
       optional :location, :string, 1
+      optional :customer_managed_encryption, :message, 2, "google.cloud.secretmanager.v1.CustomerManagedEncryption"
+    end
+    add_message "google.cloud.secretmanager.v1.CustomerManagedEncryption" do
+      optional :kms_key_name, :string, 1
+    end
+    add_message "google.cloud.secretmanager.v1.ReplicationStatus" do
+      oneof :replication_status do
+        optional :automatic, :message, 1, "google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus"
+        optional :user_managed, :message, 2, "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus"
+      end
+    end
+    add_message "google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus" do
+      optional :customer_managed_encryption, :message, 1, "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus"
+    end
+    add_message "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus" do
+      repeated :replicas, :message, 1, "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus"
+    end
+    add_message "google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus" do
+      optional :location, :string, 1
+      optional :customer_managed_encryption, :message, 2, "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus"
+    end
+    add_message "google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus" do
+      optional :kms_key_version_name, :string, 1
     end
     add_message "google.cloud.secretmanager.v1.SecretPayload" do
       optional :data, :bytes, 1
@@ -58,6 +83,12 @@ module Google
         Replication::Automatic = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.Automatic").msgclass
         Replication::UserManaged = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.UserManaged").msgclass
         Replication::UserManaged::Replica = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.Replication.UserManaged.Replica").msgclass
+        CustomerManagedEncryption = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryption").msgclass
+        ReplicationStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus").msgclass
+        ReplicationStatus::AutomaticStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.AutomaticStatus").msgclass
+        ReplicationStatus::UserManagedStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus").msgclass
+        ReplicationStatus::UserManagedStatus::ReplicaStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.ReplicationStatus.UserManagedStatus.ReplicaStatus").msgclass
+        CustomerManagedEncryptionStatus = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.CustomerManagedEncryptionStatus").msgclass
         SecretPayload = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.secretmanager.v1.SecretPayload").msgclass
       end
     end

data/lib/google/cloud/secretmanager/v1/service_services_pb.rb

@@ -24,9 +24,6 @@ module Google
     module SecretManager
       module V1
         module SecretManagerService
-          # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
-          # [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
-          #
           # Secret Manager Service
           #
           # Manages secrets and operations using those secrets. Implements a REST
@@ -43,56 +40,56 @@ module Google
             self.service_name = 'google.cloud.secretmanager.v1.SecretManagerService'
 
             # Lists [Secrets][google.cloud.secretmanager.v1.Secret].
-            rpc :ListSecrets, Google::Cloud::SecretManager::V1::ListSecretsRequest, Google::Cloud::SecretManager::V1::ListSecretsResponse
+            rpc :ListSecrets, ::Google::Cloud::SecretManager::V1::ListSecretsRequest, ::Google::Cloud::SecretManager::V1::ListSecretsResponse
             # Creates a new [Secret][google.cloud.secretmanager.v1.Secret] containing no [SecretVersions][google.cloud.secretmanager.v1.SecretVersion].
-            rpc :CreateSecret, Google::Cloud::SecretManager::V1::CreateSecretRequest, Google::Cloud::SecretManager::V1::Secret
+            rpc :CreateSecret, ::Google::Cloud::SecretManager::V1::CreateSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
             # Creates a new [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] containing secret data and attaches
             # it to an existing [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :AddSecretVersion, Google::Cloud::SecretManager::V1::AddSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :AddSecretVersion, ::Google::Cloud::SecretManager::V1::AddSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Gets metadata for a given [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :GetSecret, Google::Cloud::SecretManager::V1::GetSecretRequest, Google::Cloud::SecretManager::V1::Secret
+            rpc :GetSecret, ::Google::Cloud::SecretManager::V1::GetSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
             # Updates metadata of an existing [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :UpdateSecret, Google::Cloud::SecretManager::V1::UpdateSecretRequest, Google::Cloud::SecretManager::V1::Secret
+            rpc :UpdateSecret, ::Google::Cloud::SecretManager::V1::UpdateSecretRequest, ::Google::Cloud::SecretManager::V1::Secret
             # Deletes a [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :DeleteSecret, Google::Cloud::SecretManager::V1::DeleteSecretRequest, Google::Protobuf::Empty
+            rpc :DeleteSecret, ::Google::Cloud::SecretManager::V1::DeleteSecretRequest, ::Google::Protobuf::Empty
             # Lists [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. This call does not return secret
             # data.
-            rpc :ListSecretVersions, Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
+            rpc :ListSecretVersions, ::Google::Cloud::SecretManager::V1::ListSecretVersionsRequest, ::Google::Cloud::SecretManager::V1::ListSecretVersionsResponse
             # Gets metadata for a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
             # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
             # [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
-            rpc :GetSecretVersion, Google::Cloud::SecretManager::V1::GetSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :GetSecretVersion, ::Google::Cloud::SecretManager::V1::GetSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Accesses a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. This call returns the secret data.
             #
             # `projects/*/secrets/*/versions/latest` is an alias to the `latest`
             # [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
-            rpc :AccessSecretVersion, Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
+            rpc :AccessSecretVersion, ::Google::Cloud::SecretManager::V1::AccessSecretVersionRequest, ::Google::Cloud::SecretManager::V1::AccessSecretVersionResponse
             # Disables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
             # Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
             # [DISABLED][google.cloud.secretmanager.v1.SecretVersion.State.DISABLED].
-            rpc :DisableSecretVersion, Google::Cloud::SecretManager::V1::DisableSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :DisableSecretVersion, ::Google::Cloud::SecretManager::V1::DisableSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Enables a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
             # Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
             # [ENABLED][google.cloud.secretmanager.v1.SecretVersion.State.ENABLED].
-            rpc :EnableSecretVersion, Google::Cloud::SecretManager::V1::EnableSecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :EnableSecretVersion, ::Google::Cloud::SecretManager::V1::EnableSecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Destroys a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion].
             #
             # Sets the [state][google.cloud.secretmanager.v1.SecretVersion.state] of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] to
             # [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED] and irrevocably destroys the
             # secret data.
-            rpc :DestroySecretVersion, Google::Cloud::SecretManager::V1::DestroySecretVersionRequest, Google::Cloud::SecretManager::V1::SecretVersion
+            rpc :DestroySecretVersion, ::Google::Cloud::SecretManager::V1::DestroySecretVersionRequest, ::Google::Cloud::SecretManager::V1::SecretVersion
             # Sets the access control policy on the specified secret. Replaces any
             # existing policy.
             #
             # Permissions on [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] are enforced according
             # to the policy set on the associated [Secret][google.cloud.secretmanager.v1.Secret].
-            rpc :SetIamPolicy, Google::Iam::V1::SetIamPolicyRequest, Google::Iam::V1::Policy
+            rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
             # Gets the access control policy for a secret.
             # Returns empty policy if the secret exists and does not have a policy set.
-            rpc :GetIamPolicy, Google::Iam::V1::GetIamPolicyRequest, Google::Iam::V1::Policy
+            rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
             # Returns permissions that a caller has for the specified secret.
             # If the secret does not exist, this call returns an empty set of
             # permissions, not a NOT_FOUND error.
@@ -100,7 +97,7 @@ module Google
             # Note: This operation is designed to be used for building permission-aware
             # UIs and command-line tools, not for authorization checking. This operation
             # may "fail open" without warning.
-            rpc :TestIamPermissions, Google::Iam::V1::TestIamPermissionsRequest, Google::Iam::V1::TestIamPermissionsResponse
+            rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
           end
 
           Stub = Service.rpc_stub_class

data/proto_docs/google/api/resource.rb

@@ -43,12 +43,12 @@ module Google
     #
     # The ResourceDescriptor Yaml config will look like:
     #
-    #    resources:
-    #    - type: "pubsub.googleapis.com/Topic"
-    #      name_descriptor:
-    #        - pattern: "projects/\\{project}/topics/\\{topic}"
-    #          parent_type: "cloudresourcemanager.googleapis.com/Project"
-    #          parent_name_extractor: "projects/\\{project}"
+    #     resources:
+    #     - type: "pubsub.googleapis.com/Topic"
+    #       name_descriptor:
+    #         - pattern: "projects/{project}/topics/{topic}"
+    #           parent_type: "cloudresourcemanager.googleapis.com/Project"
+    #           parent_name_extractor: "projects/{project}"
     #
     # Sometimes, resources have multiple patterns, typically because they can
     # live under multiple parents.
@@ -183,15 +183,24 @@ module Google
     #         }
     # @!attribute [rw] plural
     #   @return [::String]
-    #     The plural name used in the resource name, such as 'projects' for
-    #     the name of 'projects/\\{project}'. It is the same concept of the `plural`
-    #     field in k8s CRD spec
+    #     The plural name used in the resource name and permission names, such as
+    #     'projects' for the resource name of 'projects/\\{project}' and the permission
+    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. It is the same
+    #     concept of the `plural` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #
+    #     Note: The plural form is required even for singleton resources. See
+    #     https://aip.dev/156
     # @!attribute [rw] singular
     #   @return [::String]
     #     The same concept of the `singular` field in k8s CRD spec
     #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
     #     Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+    # @!attribute [rw] style
+    #   @return [::Array<::Google::Api::ResourceDescriptor::Style>]
+    #     Style flag(s) for this resource.
+    #     These indicate that a resource is expected to conform to a given
+    #     style. See the specific style flags for additional information.
     class ResourceDescriptor
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -211,6 +220,22 @@ module Google
         # that from being necessary once there are multiple patterns.)
         FUTURE_MULTI_PATTERN = 2
       end
+
+      # A flag representing a specific style that a resource claims to conform to.
+      module Style
+        # The unspecified value. Do not use.
+        STYLE_UNSPECIFIED = 0
+
+        # This resource is intended to be "declarative-friendly".
+        #
+        # Declarative-friendly resources must be more strictly consistent, and
+        # setting this to true communicates to tools that this resource should
+        # adhere to declarative-friendly expectations.
+        #
+        # Note: This is used by the API linter (linter.aip.dev) to enable
+        # additional checks.
+        DECLARATIVE_FRIENDLY = 1
+      end
     end
 
     # Defines a proto annotation that describes a string field that refers to
@@ -226,6 +251,17 @@ module Google
     #             type: "pubsub.googleapis.com/Topic"
     #           }];
     #         }
+    #
+    #     Occasionally, a field may reference an arbitrary resource. In this case,
+    #     APIs use the special value * in their resource reference.
+    #
+    #     Example:
+    #
+    #         message GetIamPolicyRequest {
+    #           string resource = 2 [(google.api.resource_reference) = {
+    #             type: "*"
+    #           }];
+    #         }
     # @!attribute [rw] child_type
     #   @return [::String]
     #     The resource type of a child collection that the annotated field
@@ -234,11 +270,11 @@ module Google
     #
     #     Example:
     #
-    #       message ListLogEntriesRequest {
-    #         string parent = 1 [(google.api.resource_reference) = {
-    #           child_type: "logging.googleapis.com/LogEntry"
-    #         };
-    #       }
+    #         message ListLogEntriesRequest {
+    #           string parent = 1 [(google.api.resource_reference) = {
+    #             child_type: "logging.googleapis.com/LogEntry"
+    #           };
+    #         }
     class ResourceReference
       include ::Google::Protobuf::MessageExts
       extend ::Google::Protobuf::MessageExts::ClassMethods

data/proto_docs/google/cloud/secretmanager/v1/resources.rb

@@ -83,6 +83,9 @@ module Google
         # @!attribute [r] state
         #   @return [::Google::Cloud::SecretManager::V1::SecretVersion::State]
         #     Output only. The current state of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+        # @!attribute [rw] replication_status
+        #   @return [::Google::Cloud::SecretManager::V1::ReplicationStatus]
+        #     The replication status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
         class SecretVersion
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -106,7 +109,7 @@ module Google
           end
         end
 
-        # A policy that defines the replication configuration of data.
+        # A policy that defines the replication and encryption configuration of data.
         # @!attribute [rw] automatic
         #   @return [::Google::Cloud::SecretManager::V1::Replication::Automatic]
         #     The {::Google::Cloud::SecretManager::V1::Secret Secret} will automatically be replicated without any restrictions.
@@ -119,6 +122,14 @@ module Google
 
           # A replication policy that replicates the {::Google::Cloud::SecretManager::V1::Secret Secret} payload without any
           # restrictions.
+          # @!attribute [rw] customer_managed_encryption
+          #   @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryption]
+          #     Optional. The customer-managed encryption configuration of the {::Google::Cloud::SecretManager::V1::Secret Secret}. If no
+          #     configuration is provided, Google-managed default encryption is used.
+          #
+          #     Updates to the {::Google::Cloud::SecretManager::V1::Secret Secret} encryption configuration only apply to
+          #     {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions} added afterwards. They do not apply
+          #     retroactively to existing {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions}.
           class Automatic
             include ::Google::Protobuf::MessageExts
             extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -140,6 +151,15 @@ module Google
             #   @return [::String]
             #     The canonical IDs of the location to replicate data.
             #     For example: `"us-east1"`.
+            # @!attribute [rw] customer_managed_encryption
+            #   @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryption]
+            #     Optional. The customer-managed encryption configuration of the [User-Managed
+            #     Replica][Replication.UserManaged.Replica]. If no configuration is
+            #     provided, Google-managed default encryption is used.
+            #
+            #     Updates to the {::Google::Cloud::SecretManager::V1::Secret Secret} encryption configuration only apply to
+            #     {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions} added afterwards. They do not apply
+            #     retroactively to existing {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersions}.
             class Replica
               include ::Google::Protobuf::MessageExts
               extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -147,6 +167,97 @@ module Google
           end
         end
 
+        # Configuration for encrypting secret payloads using customer-managed
+        # encryption keys (CMEK).
+        # @!attribute [rw] kms_key_name
+        #   @return [::String]
+        #     Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret
+        #     payloads.
+        #
+        #     For secrets using the {::Google::Cloud::SecretManager::V1::Replication::UserManaged UserManaged} replication
+        #     policy type, Cloud KMS CryptoKeys must reside in the same location as the
+        #     [replica location][Secret.UserManaged.Replica.location].
+        #
+        #     For secrets using the {::Google::Cloud::SecretManager::V1::Replication::Automatic Automatic} replication policy
+        #     type, Cloud KMS CryptoKeys must reside in `global`.
+        #
+        #     The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+        class CustomerManagedEncryption
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+        # @!attribute [rw] automatic
+        #   @return [::Google::Cloud::SecretManager::V1::ReplicationStatus::AutomaticStatus]
+        #     Describes the replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} with
+        #     automatic replication.
+        #
+        #     Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has an automatic replication
+        #     policy.
+        # @!attribute [rw] user_managed
+        #   @return [::Google::Cloud::SecretManager::V1::ReplicationStatus::UserManagedStatus]
+        #     Describes the replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} with
+        #     user-managed replication.
+        #
+        #     Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has a user-managed replication
+        #     policy.
+        class ReplicationStatus
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} using automatic replication.
+          #
+          # Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has an automatic replication
+          # policy.
+          # @!attribute [r] customer_managed_encryption
+          #   @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryptionStatus]
+          #     Output only. The customer-managed encryption status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. Only
+          #     populated if customer-managed encryption is used.
+          class AutomaticStatus
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # The replication status of a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion} using user-managed
+          # replication.
+          #
+          # Only populated if the parent {::Google::Cloud::SecretManager::V1::Secret Secret} has a user-managed replication
+          # policy.
+          # @!attribute [r] replicas
+          #   @return [::Array<::Google::Cloud::SecretManager::V1::ReplicationStatus::UserManagedStatus::ReplicaStatus>]
+          #     Output only. The list of replica statuses for the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+          class UserManagedStatus
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Describes the status of a user-managed replica for the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
+            # @!attribute [r] location
+            #   @return [::String]
+            #     Output only. The canonical ID of the replica location.
+            #     For example: `"us-east1"`.
+            # @!attribute [r] customer_managed_encryption
+            #   @return [::Google::Cloud::SecretManager::V1::CustomerManagedEncryptionStatus]
+            #     Output only. The customer-managed encryption status of the {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}. Only
+            #     populated if customer-managed encryption is used.
+            class ReplicaStatus
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+          end
+        end
+
+        # Describes the status of customer-managed encryption.
+        # @!attribute [rw] kms_key_version_name
+        #   @return [::String]
+        #     Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt the
+        #     secret payload, in the following format:
+        #     `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.
+        class CustomerManagedEncryptionStatus
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # A secret payload resource in the Secret Manager API. This contains the
         # sensitive secret payload that is associated with a {::Google::Cloud::SecretManager::V1::SecretVersion SecretVersion}.
         # @!attribute [rw] data

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-secret_manager-v1
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.1
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-05 00:00:00.000000000 Z
+date: 2021-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: google-cloud-errors
   requirement: !ruby/object:Gem::Requirement
@@ -224,7 +224,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.2.6
 signing_key: 
 specification_version: 4
 summary: API Client library for the Secret Manager V1 API