automation

Manage GCP Secrets with Python Script Automation

A Python script for creating, overwriting, and deleting secrets in Google Cloud Platform's Secret Manager using YAML and environment variables.

Shipped January 2026

View repo

A Python script to manage secrets in Google Cloud Platform's Secret Manager. It supports creating, overwriting, and deleting secrets based on YAML configuration files and environment variables.

Features

  • Create new secrets in GCP Secret Manager
  • Add secret versions with payloads from environment variables
  • Overwrite existing secrets
  • Delete secrets specified in configuration
  • Configurable via YAML files and environment variables

Tech Stack

  • Python 3.6+
  • Google Cloud Secret Manager API (google-cloud-secret-manager)
  • Environment variable management (python-dotenv)
  • YAML parsing (pyyaml)

Getting Started

Prerequisites

  • Python 3.6 or higher
  • Google Cloud SDK installed and authenticated
  • Service account JSON key with Secret Manager permissions

Installation

# Clone the repository
git clone https://github.com/justin-napolitano/gcp-secret-creation.py.git
cd gcp-secret-creation.py

# Create and activate a virtual environment
python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate

# Install dependencies
pip install google-cloud-secret-manager python-dotenv pyyaml

Setup

  1. Create a .env file in the root directory with your project and secret values:
PROJECT_NAME=your_project_name
FAKE_MASTODON_USERNAME=fake_username
FAKE_MASTODON_PASSWORD=fake_password
  1. Create a YAML file (e.g. secrets.yaml) listing the secrets to manage:
secrets:
  - id: "FAKE_MASTODON_USERNAME"
    env_var: "FAKE_MASTODON_USERNAME"
  - id: "FAKE_MASTODON_PASSWORD"
    env_var: "FAKE_MASTODON_PASSWORD"

Running the Script

python scrt-creation.py --secrets-file secrets.yaml

Available Arguments

  • --url: Base URL for API endpoint (default: http://localhost:8080)
  • --test: Delete secrets after testing
  • --overwrite: Overwrite existing secrets
  • --delete: Delete secrets specified in the YAML file
  • --secrets-file: Path to the YAML secrets configuration file (default: secrets.yaml)

Project Structure

  • scrt-creation.py: Main script managing secret creation, versioning, and deletion
  • conf.example.yaml: Example YAML configuration for secrets
  • mastodon-secrets.yaml: Sample secrets configuration for Mastodon credentials
  • env.example: Example environment variables file
  • secret.json: GCP service account credentials (should be secured and not committed)
  • readme.md: Project documentation

Future Work / Roadmap

  • Add automated testing for secret management operations
  • Support for secret rotation scheduling
  • Enhanced error handling and logging
  • Integration with CI/CD pipelines
  • Support for multiple GCP projects or environments
  • Add support for other secret backends

Note: The repository currently lacks a detailed description and some documentation sections. The above assumes typical usage patterns based on the provided files and code snippets.

Need more context?

Want help adapting this playbook?

Send me the constraints and I'll annotate the relevant docs, share risks I see, and outline the first sprint so the work keeps moving.

Request a walkthroughDocumentation index