Google Cloud Secret Manager Integration¶
The ADK provides a built-in client for Google Cloud Secret Manager to simplify retrieving secrets, such as API keys or other credentials, in your production deployments.
SecretManagerClient¶
The SecretManagerClient (google.adk.integrations.secret_manager.secret_client)
provides a simplified interface for retrieving secrets from Secret Manager.
Authentication¶
You can instantiate the SecretManagerClient in a few ways:
-
Application Default Credentials (ADC): If you are running on Google Cloud (e.g., Cloud Run, GKE, Compute Engine) and the environment is configured with a service account, the client will automatically use ADC.
-
Service Account JSON: You can provide the contents of a service account JSON keyfile as a string.
-
Authentication Token: You can use an existing Google Cloud authorization token.
Retrieving secrets¶
To retrieve a secret, use the get_secret() method, passing the full
resource name of the secret version.
from google.adk.integrations.secret_manager import secret_client
# Instantiate the client (e.g., using ADC)
secret_manager = secret_client.SecretManagerClient()
# Get the latest version of a secret
resource_name = "projects/my-project/secrets/my-secret/versions/latest"
secret_value = secret_manager.get_secret(resource_name)
# Now you can use the secret_value with other ADK tools
print(f"Retrieved secret: {secret_value}")
Replace my-project and my-secret with your Google Cloud project ID and
the name of your secret.