Google Cloud Secret Manager Client Library

2.27.0 verified Tue May 12 auth: no python install: verified quickstart: stale

A Python client library for Google Cloud Secret Manager, enabling secure storage and management of application secrets. Current version: 2.27.0. Released on a regular cadence, with recent updates enhancing functionality and security features.

pip install google-cloud-secret-manager

Common errors

error ModuleNotFoundError: No module named 'google.cloud.secretmanager' ↓

cause The `google-cloud-secret-manager` library is not installed in the Python environment, or the environment (e.g., a specific runtime in a cloud service) cannot locate the installed package.

fix

Install the library using pip: pip install google-cloud-secret-manager

error ImportError: cannot import name 'secretmanager' from 'google.cloud' ↓

cause This typically occurs when the `google-cloud-secret-manager` package is not correctly installed or its components are not accessible within the `google.cloud` namespace, sometimes due to conflicts with other `google.cloud` packages or environment issues.

fix

Ensure the library is properly installed: pip install google-cloud-secret-manager. If issues persist, verify your Python environment and package paths, especially in isolated environments like virtual machines or containers.

error Permission denied (or similar error message indicating missing permissions like 'secretmanager.versions.accessSecretVersion') ↓

cause The service account or user identity attempting to access the secret lacks the necessary IAM permissions, such as 'Secret Manager Secret Accessor' (`roles/secretmanager.secretAccessor`) for the secret, project, or folder.

fix

Grant the appropriate IAM role (e.g., 'Secret Manager Secret Accessor') to the service account or user identity on the specific secret or its parent resource (project/folder/organization).

error AttributeError: 'SecretVersion' object has no attribute 'payload' ↓

cause After retrieving a `SecretVersion` object, the actual secret data is stored within its `payload.data` attribute, not directly in a `payload` attribute of the `SecretVersion` object itself.

fix

Access the secret data via response.payload.data.decode('utf-8') after retrieving the secret version, where response is the SecretVersion object.

Warnings

breaking Import path changed from 'google.cloud import secretmanager' to 'google.cloud import secretmanager_v1'. ↓

fix Update import statements to 'from google.cloud import secretmanager_v1'.

deprecated Using 'secretmanager' instead of 'secretmanager_v1' may lead to compatibility issues in future releases. ↓

fix Transition to 'secretmanager_v1' to ensure compatibility with future versions.

gotcha Ensure that the 'GOOGLE_APPLICATION_CREDENTIALS' environment variable points to a valid service account JSON file for authentication. ↓

fix Set the 'GOOGLE_APPLICATION_CREDENTIALS' environment variable to the path of your service account JSON file.

Install compatibility verified last tested: 2026-05-12

python os / libc status wheel install import disk

3.10 alpine (musl) - - 1.85s 69.8M

3.10 slim (glibc) - - 1.04s 68M

3.11 alpine (musl) - - 2.48s 74.7M

3.11 slim (glibc) - - 1.53s 72M

3.12 alpine (musl) - - 2.54s 66.1M

3.12 slim (glibc) - - 1.88s 64M

3.13 alpine (musl) - - 2.33s 65.6M

3.13 slim (glibc) - - 1.99s 63M

3.9 alpine (musl) - - 1.50s 69.9M

3.9 slim (glibc) - - 1.18s 68M

Imports

SecretManagerServiceClient
```
from google.cloud import secretmanager_v1
```
Ensure to import from 'secretmanager_v1' for the latest features and fixes.

Quickstart stale last tested: 2026-04-23

A complete example demonstrating how to create a secret, add a version, and access the secret's payload using the Google Cloud Secret Manager client library.

import os
from google.cloud import secretmanager_v1

# Set up authentication
os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = 'path_to_your_service_account_file.json'

# Initialize the Secret Manager client
client = secretmanager_v1.SecretManagerServiceClient()

# Define project and secret details
project_id = 'your-project-id'
secret_id = 'your-secret-id'

# Build the parent name from the project
parent = f'projects/{project_id}'

# Create the secret
secret = client.create_secret(
    request={
        'parent': parent,
        'secret_id': secret_id,
        'secret': {'replication': {'automatic': {}}},
    }
)

# Add a version with a payload
version = client.add_secret_version(
    request={
        'parent': secret.name,
        'payload': {'data': b'hello world!'},
    }
)

# Access the secret version
response = client.access_secret_version(request={'name': version.name})

# Print the secret payload
payload = response.payload.data.decode('UTF-8')
print(f'Plaintext: {payload}')