@@ -18,6 +18,7 @@ package google.cloud.secretmanager.v1;
1818
1919import "google/api/field_behavior.proto" ;
2020import "google/api/resource.proto" ;
21+ import "google/protobuf/duration.proto" ;
2122import "google/protobuf/timestamp.proto" ;
2223import "google/api/annotations.proto" ;
2324
@@ -68,6 +69,23 @@ message Secret {
6869 //
6970 // No more than 64 labels can be assigned to a given resource.
7071 map <string , string > labels = 4 ;
72+
73+ // Expiration policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. If specified the [Secret][google.cloud.secretmanager.v1.Secret]
74+ // and all [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] will be automatically deleted at
75+ // expiration. Expired secrets are irreversibly deleted.
76+ //
77+ // Expiration is *not* the recommended way to set time-based permissions. [IAM
78+ // Conditions](https://cloud.google.com/secret-manager/docs/access-control#conditions)
79+ // is recommended for granting time-based permissions because the operation
80+ // can be reversed.
81+ oneof expiration {
82+ // Optional. Timestamp in UTC when the [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to expire. This is
83+ // always provided on output, regardless of what was sent on input.
84+ google.protobuf.Timestamp expire_time = 6 [(google.api.field_behavior ) = OPTIONAL ];
85+
86+ // Input only. The TTL for the [Secret][google.cloud.secretmanager.v1.Secret].
87+ google.protobuf.Duration ttl = 7 [(google.api.field_behavior ) = INPUT_ONLY ];
88+ }
7189}
7290
7391// A secret version resource in the Secret Manager API.
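Review bot: The comment on `ttl` (field 7) does not say which instant the duration is measured from or which values are rejected, and since the oneof comment states that expired secrets are irreversibly deleted, a caller cannot tell from the schema how a zero, negative or very small TTL is handled. I would extend it along the lines of `// Input only. The TTL for the Secret, counted from <reference instant>; must be <allowed range>.`, with both placeholders filled in from the server's actual behaviour. The `expire_time` comment's "always provided on output" presumably applies only when an expiration is set, which is worth stating explicitly. Because setting either field schedules a deletion that cannot be undone, the oneof comment should also note that permission to update the Secret is in effect permission to delete it later, so that IAM policy and audit-log reviews treat expiration changes as deletions. The `Secret` message begins outside this hunk, so its other fields were not reviewed.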