feat(secretmanager): add examples for creating, updating and deleting secret expiration times

Author: dhavalbhensdadiya-crest

secretmanager/src/main/java/secretmanager/CreateSecretWithExpiration.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package secretmanager;
+
+// [START secretmanager_create_secret_with_expiration]
+import com.google.cloud.secretmanager.v1.ProjectName;
+import com.google.cloud.secretmanager.v1.Replication;
+import com.google.cloud.secretmanager.v1.Secret;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
+import com.google.protobuf.Timestamp;
+import java.io.IOException;
+import java.time.Instant;
+
+public class CreateSecretWithExpiration {
+
+  public static void main(String[] args) throws IOException {
+    // TODO(developer): Replace these variables before running the sample.
+    
+    // This is the id of the GCP project
+    String projectId = "your-project-id";
+    // This is the id of the secret to create
+    String secretId = "your-secret-id";
+    // This is the time in seconds from now when the secret will expire
+    long expireTimeSeconds = 86400; // 24 hours
+    createSecretWithExpiration(projectId, secretId, expireTimeSeconds);
+  }
+
+  // Create a new secret with an expiration time.
+  public static Secret createSecretWithExpiration(
+      String projectId, String secretId, long expireTimeSeconds) throws IOException {
+    // Initialize client that will be used to send requests. This client only needs to be created
+    // once, and can be reused for multiple requests. After completing all of your requests, call
+    // the "close" method on the client to safely clean up any remaining background resources.
+    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
+      // Build the parent name from the project.
+      ProjectName projectName = ProjectName.of(projectId);
+
+      // Calculate the expiration time.
+      Instant expireTime = Instant.now().plusSeconds(expireTimeSeconds);
+      Timestamp expireTimestamp = Timestamp.newBuilder()
+          .setSeconds(expireTime.getEpochSecond())
+          .setNanos(expireTime.getNano())
+          .build();
+
+      // Build the secret to create with expiration time.
+      Secret secret =
+          Secret.newBuilder()
+              .setReplication(
+                  Replication.newBuilder()
+                      .setAutomatic(Replication.Automatic.newBuilder().build())
+                      .build())
+              .setExpireTime(expireTimestamp)
+              .build();
+
+      // Create the secret.
+      Secret createdSecret = client.createSecret(projectName, secretId, secret);
+      System.out.printf("Created secret %s with expire time\n", createdSecret.getName());
+
+      return createdSecret;
+    }
+  }
+}
+// [END secretmanager_create_secret_with_expiration]

secretmanager/src/main/java/secretmanager/DeleteSecretExpiration.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package secretmanager;
+
+// [START secretmanager_delete_secret_expiration]
+import com.google.cloud.secretmanager.v1.Secret;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
+import com.google.cloud.secretmanager.v1.SecretName;
+import com.google.protobuf.FieldMask;
+import com.google.protobuf.util.FieldMaskUtil;
+import java.io.IOException;
+
+public class DeleteSecretExpiration {
+
+  public static void main(String[] args) throws IOException {
+    // TODO(developer): Replace these variables before running the sample.
+    
+    // This is the id of the GCP project
+    String projectId = "your-project-id";
+    // This is the id of the secret to update
+    String secretId = "your-secret-id";
+    deleteSecretExpiration(projectId, secretId);
+  }
+
+  // Delete the expiration time from an existing secret.
+  public static Secret deleteSecretExpiration(String projectId, String secretId) 
+      throws IOException {
+    // Initialize client that will be used to send requests. This client only needs to be created
+    // once, and can be reused for multiple requests. After completing all of your requests, call
+    // the "close" method on the client to safely clean up any remaining background resources.
+    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
+      // Build the secret name.
+      SecretName secretName = SecretName.of(projectId, secretId);
+
+      // Build the updated secret without expiration time.
+      Secret secret =
+          Secret.newBuilder()
+              .setName(secretName.toString())
+              .build();
+
+      // Build the field mask to clear the expiration time.
+      FieldMask fieldMask = FieldMaskUtil.fromString("expire_time");
+
+      // Update the secret to remove expiration.
+      Secret updatedSecret = client.updateSecret(secret, fieldMask);
+      System.out.printf("Deleted expiration from secret %s\n", updatedSecret.getName());
+
+      return updatedSecret;
+    }
+  }
+}
+// [END secretmanager_delete_secret_expiration]

secretmanager/src/main/java/secretmanager/UpdateSecretExpiration.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package secretmanager;
+
+// [START secretmanager_update_secret_expiration]
+import com.google.cloud.secretmanager.v1.Secret;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
+import com.google.cloud.secretmanager.v1.SecretName;
+import com.google.protobuf.FieldMask;
+import com.google.protobuf.Timestamp;
+import com.google.protobuf.util.FieldMaskUtil;
+import java.io.IOException;
+import java.time.Instant;
+
+public class UpdateSecretExpiration {
+
+  public static void main(String[] args) throws IOException {
+    // TODO(developer): Replace these variables before running the sample.
+    
+    // This is the id of the GCP project
+    String projectId = "your-project-id";
+    // This is the id of the secret to update
+    String secretId = "your-secret-id";
+    // This is the time in seconds from now when the secret will expire
+    long expireTimeSeconds = 86400; // 24 hours
+    updateSecretExpiration(projectId, secretId, expireTimeSeconds);
+  }
+
+  // Update an existing secret with a new expiration time.
+  public static Secret updateSecretExpiration(
+      String projectId, String secretId, long expireTimeSeconds) throws IOException {
+    // Initialize client that will be used to send requests. This client only needs to be created
+    // once, and can be reused for multiple requests. After completing all of your requests, call
+    // the "close" method on the client to safely clean up any remaining background resources.
+    try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
+      // Build the secret name.
+      SecretName secretName = SecretName.of(projectId, secretId);
+
+      // Calculate the expiration time.
+      Instant expireTime = Instant.now().plusSeconds(expireTimeSeconds);
+      Timestamp expireTimestamp = Timestamp.newBuilder()
+          .setSeconds(expireTime.getEpochSecond())
+          .setNanos(expireTime.getNano())
+          .build();
+
+      // Build the updated secret with new expiration time.
+      Secret secret =
+          Secret.newBuilder()
+              .setName(secretName.toString())
+              .setExpireTime(expireTimestamp)
+              .build();
+
+      // Build the field mask to update only the expiration time.
+      FieldMask fieldMask = FieldMaskUtil.fromString("expire_time");
+
+      // Update the secret.
+      Secret updatedSecret = client.updateSecret(secret, fieldMask);
+      System.out.printf("Updated secret %s with new expiration time\n", updatedSecret.getName());
+
+      return updatedSecret;
+    }
+  }
+}
+// [END secretmanager_update_secret_expiration]

secretmanager/src/main/java/secretmanager/regionalsamples/CreateRegionalSecretWithExpiration.java

@@ -0,0 +1,82 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package secretmanager.regionalsamples;
+
+// [START secretmanager_create_regional_secret_with_expiration]
+import com.google.cloud.secretmanager.v1.LocationName;
+import com.google.cloud.secretmanager.v1.Secret;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceSettings;
+import com.google.protobuf.Timestamp;
+import java.io.IOException;
+import java.time.Instant;
+
+public class CreateRegionalSecretWithExpiration {
+
+  public static void main(String[] args) throws IOException {
+    // TODO(developer): Replace these variables before running the sample.
+    
+    // Your GCP project ID.
+    String projectId = "your-project-id";
+    // Location of the secret.
+    String locationId = "your-location-id";
+    // Resource ID of the secret to create.
+    String secretId = "your-secret-id";
+    // This is the time in seconds from now when the secret will expire.
+    long expireTimeSeconds = 86400; // 24 hours
+    createRegionalSecretWithExpiration(projectId, locationId, secretId, expireTimeSeconds);
+  }
+
+  // Create a new regional secret with an expiration time.
+  public static Secret createRegionalSecretWithExpiration(
+      String projectId, String locationId, String secretId, long expireTimeSeconds) 
+      throws IOException {
+    
+    // Endpoint to call the regional secret manager sever
+    String apiEndpoint = String.format("secretmanager.%s.rep.googleapis.com:443", locationId);
+    SecretManagerServiceSettings secretManagerServiceSettings =
+        SecretManagerServiceSettings.newBuilder().setEndpoint(apiEndpoint).build();
+    
+    // Initialize the client that will be used to send requests. This client only needs to be
+    // created once, and can be reused for multiple requests.
+    try (SecretManagerServiceClient client = 
+        SecretManagerServiceClient.create(secretManagerServiceSettings)) {
+      // Build the parent name from the project.
+      LocationName location = LocationName.of(projectId, locationId);
+
+      // Calculate the expiration time.
+      Instant expireTime = Instant.now().plusSeconds(expireTimeSeconds);
+      Timestamp expireTimestamp = Timestamp.newBuilder()
+          .setSeconds(expireTime.getEpochSecond())
+          .setNanos(expireTime.getNano())
+          .build();
+
+      // Build the regional secret to create with expiration time.
+      Secret secret =
+          Secret.newBuilder()
+              .setExpireTime(expireTimestamp)
+              .build();
+
+      // Create the regional secret.
+      Secret createdSecret = client.createSecret(location.toString(), secretId, secret);
+      System.out.printf("Created secret %s with expire time\n", createdSecret.getName());
+
+      return createdSecret;
+    }
+  }
+}
+// [END secretmanager_create_regional_secret_with_expiration]

secretmanager/src/main/java/secretmanager/regionalsamples/DeleteRegionalSecretExpiration.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package secretmanager.regionalsamples;
+
+// [START secretmanager_delete_regional_secret_expiration]
+import com.google.cloud.secretmanager.v1.Secret;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceSettings;
+import com.google.cloud.secretmanager.v1.SecretName;
+import com.google.protobuf.FieldMask;
+import com.google.protobuf.util.FieldMaskUtil;
+import java.io.IOException;
+
+public class DeleteRegionalSecretExpiration {
+
+  public static void main(String[] args) throws IOException {
+    // TODO(developer): Replace these variables before running the sample.
+    
+    // Your GCP project ID.
+    String projectId = "your-project-id";
+    // Location of the secret.
+    String locationId = "your-location-id";
+    // Resource ID of the secret to update.
+    String secretId = "your-secret-id";
+    deleteRegionalSecretExpiration(projectId, locationId, secretId);
+  }
+
+  // Delete the expiration time from an existing regional secret.
+  public static Secret deleteRegionalSecretExpiration(
+      String projectId, String locationId, String secretId) throws IOException {
+    
+    // Endpoint to call the regional secret manager sever
+    String apiEndpoint = String.format("secretmanager.%s.rep.googleapis.com:443", locationId);
+    SecretManagerServiceSettings secretManagerServiceSettings =
+        SecretManagerServiceSettings.newBuilder().setEndpoint(apiEndpoint).build();
+    
+    // Initialize the client that will be used to send requests. This client only needs to be
+    // created once, and can be reused for multiple requests.
+    try (SecretManagerServiceClient client = 
+        SecretManagerServiceClient.create(secretManagerServiceSettings)) {
+      // Build the secret name.
+      SecretName secretName = 
+          SecretName.ofProjectLocationSecretName(projectId, locationId, secretId);
+
+      // Build the updated secret without expiration time.
+      Secret secret =
+          Secret.newBuilder()
+              .setName(secretName.toString())
+              .build();
+
+      // Build the field mask to clear the expiration time.
+      FieldMask fieldMask = FieldMaskUtil.fromString("expire_time");
+
+      // Update the secret to remove expiration.
+      Secret updatedSecret = client.updateSecret(secret, fieldMask);
+      System.out.printf("Deleted expiration from secret %s\n", 
+          updatedSecret.getName());
+
+      return updatedSecret;
+    }
+  }
+}
+// [END secretmanager_delete_regional_secret_expiration]