feat(secretmanager): Adding tags samples

secret-manager/detachTagBinding.js

@@ -0,0 +1,72 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(name, tagValue) {
+  // [START secretmanager_detach_tag_binding]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const name = 'projects/my-project/secrets/my-secret';
+  // const tagValue = 'tagValues/123456789012';
+
+  // Import the Resource Manager and Secret Manager libraries
+  const {TagBindingsClient} = require('@google-cloud/resource-manager').v3;
+
+  // Create the Resource Manager client
+  const rmClient = new TagBindingsClient();
+
+  // Build the resource name of the parent secret
+  const parent = `//secretmanager.googleapis.com/${name}`;
+
+  async function detachTag() {
+    // Find the binding name for the given tag value
+    let bindingName = null;
+    const iterable = rmClient.listTagBindingsAsync(
+      {
+        parent: parent,
+        pageSize: 50,
+      },
+      {autoPaginate: false}
+    );
+
+    for await (const binding of iterable) {
+      if (binding.tagValue === tagValue) {
+        bindingName = binding.name;
+        break;
+      }
+    }
+
+    if (bindingName === null) {
+      console.log(`Tag binding for value ${tagValue} not found on ${name}.`);
+      return;
+    }
+
+    // Delete the tag binding
+    const [operation] = await rmClient.deleteTagBinding({
+      name: bindingName,
+    });
+
+    // Wait for the operation to complete
+    await operation.promise();
+    console.log(`Detached tag value ${tagValue} from ${name}`);
+  }
+
+  detachTag();
+  // [END secretmanager_detach_tag_binding]
+}
+
+const args = process.argv.slice(2);
+main(...args).catch(console.error);

secret-manager/listSecretVersionsWithFilter.js

@@ -0,0 +1,47 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(parent = 'projects/my-project/secrets/my-secret') {
+  // [START secretmanager_list_secret_versions_with_filter]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const parent = 'projects/my-project/secrets/my-secret';
+  const filterStr = 'state=DISABLED';
+
+  // Imports the Secret Manager library
+  const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
+
+  // Instantiates a client
+  const client = new SecretManagerServiceClient();
+
+  async function listSecretVersionsWithFilter() {
+    const [versions] = await client.listSecretVersions({
+      parent: parent,
+      filter: filterStr,
+    });
+
+    versions.forEach(version => {
+      console.log(`Found version: ${version.name}`);
+    });
+  }
+
+  listSecretVersionsWithFilter();
+  // [END secretmanager_list_secret_versions_with_filter]
+}
+
+const args = process.argv.slice(2);
+main(...args).catch(console.error);

secret-manager/listSecretsWithFilter.js

@@ -0,0 +1,52 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(projectId) {
+  // [START secretmanager_list_secrets_with_filter]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const projectId = 'my-project';
+  const filterStr = 'labels.secretmanager=rocks';
+
+  // Imports the Secret Manager library
+  const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
+
+  // Instantiates a client
+  const client = new SecretManagerServiceClient();
+
+  // Build the resource name of the parent project
+  const parent = `projects/${projectId}`;
+
+  // List all secrets
+  async function listSecretsWithFilter() {
+    const [secrets] = await client.listSecrets({
+      parent: parent,
+      filter: filterStr,
+    });
+
+    // Print each secret
+    for (const secret of secrets) {
+      console.log(`Found secret: ${secret.name}`);
+    }
+  }
+
+  listSecretsWithFilter();
+  // [END secretmanager_list_secrets_with_filter]
+}
+
+const args = process.argv.slice(2);
+main(...args).catch(console.error);

secret-manager/listTagBindings.js

@@ -0,0 +1,63 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(name = 'projects/my-project/secrets/my-secret') {
+  // [START secretmanager_list_tag_bindings]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const name = 'projects/my-project/secrets/my-secret';
+
+  // Import the Resource Manager and Secret Manager libraries
+  const {TagBindingsClient} = require('@google-cloud/resource-manager').v3;
+
+  // Create the Resource Manager client
+  const client = new TagBindingsClient();
+
+  // Build the resource name of the parent secret
+  const parent = `//secretmanager.googleapis.com/${name}`;
+
+  async function listTagBindings() {
+    // List all tag bindings
+    let foundBindings = false;
+
+    // Use paginate to handle any pagination in the response
+    const iterable = client.listTagBindingsAsync(
+      {
+        parent: parent,
+        pageSize: 10,
+      },
+      {autoPaginate: false}
+    );
+
+    console.log(`Tag bindings for ${name}:`);
+
+    for await (const binding of iterable) {
+      console.log(`- Tag Value: ${binding.tagValue}`);
+      foundBindings = true;
+    }
+
+    if (!foundBindings) {
+      console.log(`No tag bindings found for ${name}.`);
+    }
+  }
+
+  listTagBindings();
+  // [END secretmanager_list_tag_bindings]
+}
+
+const args = process.argv.slice(2);
+main(...args).catch(console.error);

secret-manager/regional_samples/detachRegionalTag.js

@@ -0,0 +1,85 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(projectId, locationId, secretId, tagValue) {
+  // [START secretmanager_detach_regional_tag]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const projectId = 'my-project';
+  // const locationId = 'us-central1';
+  // const secretId = 'my-secret';
+  // const tagValue = 'tagValues/123456789012';
+
+  // Import the Resource Manager library
+  const {TagBindingsClient} = require('@google-cloud/resource-manager').v3;
+
+  // Set up the endpoint for the regional resource manager
+  const rmEndpoint = `${locationId}-cloudresourcemanager.googleapis.com`;
+
+  // Create the Tag Bindings client with the regional endpoint
+  const tagBindingsClient = new TagBindingsClient({
+    apiEndpoint: rmEndpoint,
+  });
+
+  // Build the resource name for the regional secret
+  const secretName = `projects/${projectId}/locations/${locationId}/secrets/${secretId}`;
+
+  // Format the parent resource for the tag bindings request
+  const parent = `//secretmanager.googleapis.com/${secretName}`;
+
+  async function detachRegionalTag() {
+    // Find the binding with the specified tag value
+    let bindingName = null;
+    const iterable = tagBindingsClient.listTagBindingsAsync(
+      {
+        parent: parent,
+        pageSize: 50,
+      },
+      {autoPaginate: false}
+    );
+
+    for await (const binding of iterable) {
+      if (binding.tagValue === tagValue) {
+        bindingName = binding.name;
+        break;
+      }
+    }
+
+    if (bindingName === null) {
+      console.log(
+        `Tag binding for value ${tagValue} not found on ${secretName}.`
+      );
+      return;
+    }
+
+    // Delete the tag binding
+    const [operation] = await tagBindingsClient.deleteTagBinding({
+      name: bindingName,
+    });
+
+    // Wait for the operation to complete
+    await operation.promise();
+
+    console.log(`Detached tag value ${tagValue} from ${secretName}`);
+  }
+
+  return detachRegionalTag();
+  // [END secretmanager_detach_regional_tag]
+}
+
+const args = process.argv.slice(2);
+main(...args).catch(console.error);

secret-manager/regional_samples/listRegionalSecretVersionsWithFilter.js

@@ -0,0 +1,55 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(projectId, locationId, secretId) {
+  // [START secretmanager_list_regional_secret_versions_with_filter]
+  /**
+   * TODO(developer): Uncomment these variables before running the sample.
+   */
+  // const projectId = 'my-project';
+  // const locationId = 'my-location';
+  // const secretId = 'my-secret';
+  const filterStr = 'state=DISABLED';
+
+  const parent = `projects/${projectId}/locations/${locationId}/secrets/${secretId}`;
+
+  // Imports the Secret Manager library
+  const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
+
+  // Adding the endpoint to call the regional secret manager sever
+  const options = {};
+  options.apiEndpoint = `secretmanager.${locationId}.rep.googleapis.com`;
+
+  // Instantiates a client
+  const client = new SecretManagerServiceClient(options);
+
+  async function listRegionalSecretVersionsWithFilter() {
+    const [versions] = await client.listSecretVersions({
+      parent: parent,
+      filter: filterStr,
+    });
+
+    versions.forEach(version => {
+      console.log(`Found version: ${version.name}`);
+    });
+  }
+
+  listRegionalSecretVersionsWithFilter();
+  // [END secretmanager_list_regional_secret_versions_with_filter]
+}
+
+const args = process.argv.slice(2);
+main(...args).catch(console.error);