Listing all secret version aliases in GCP Secret Manager through .NET

Like the title says, I've been trying to access all the secret version aliases in a GCP secret, but with no success. When trying to get VersionAliases from a Secret I always get only one version and nothing more, even though I know I added several more and I can see them in the GCP console. Below is my code that I expected to work:

var secret = await client.GetSecretAsync(secretName);
foreach (var versionKey in secret.VersionAliases.Select(version => version.Key))
{
    versionAlias = versionKey;
    value = await ReadAsync(client, secretsEnumerator.Current.SecretName, versionKey);

    if (value != null)
        result.Add(versionAlias, value);
}

My ultimate goal is to be able to access certain secrets through an Id that is not the classic int that is used as a version Id in the secret-manager. This alias system seems to me to be the way to go, but different approaches are also welcome.

There are 1 answers

0
iamwillbin On

Since you can get one version, I assume that the service account used by your application has the necessary permissions to list and access the secret versions. The issue might be with the 'GetSecretAsync' method, which may only retrieve the latest version by default.

You can retrieve all the version aliases for a GCP secret and access their values by using the 'ListSecretVersionsAsync' method.

Here's an example:

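// SecretVersion has no alias property: aliases are stored on the Secret
// as a map of alias -> version number, so build a reverse lookup first.
var secret = await client.GetSecretAsync(secretName);
var aliasesByVersion = secret.VersionAliases.ToLookup(a => a.Value.ToString(), a => a.Key);

// ListSecretVersionsAsync returns a paged async sequence, so it is
// enumerated with await foreach rather than awaited directly.
await foreach (var version in client.ListSecretVersionsAsync(new ListSecretVersionsRequest
{
    Parent = secretName
}))
{
    // version.Name ends in ".../versions/<number>"
    var versionId = version.Name.Substring(version.Name.LastIndexOf('/') + 1);

    // A version may have zero, one or several aliases pointing at it
    foreach (var versionAlias in aliasesByVersion[versionId])
    {
        var value = await ReadAsync(client, secretName, versionAlias);

        if (value != null)
        {
            result.Add(versionAlias, value);
        }
    }
}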
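
An added example, not code from the question or the answer: it reads the alias map from `Secret.VersionAliases` without touching any payload, then accesses each version through the resource name `versions/<alias>`, which is how an alias replaces the numeric version ID. The class and method names are hypothetical, `my-project` and `my-secret` are placeholders, and the two status codes handled are assumed from the API's documented error behaviour.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Google.Cloud.SecretManager.V1;
using Grpc.Core;

public static class SecretAliasReader   // hypothetical helper class
{
    // Returns alias -> version number exactly as stored on the Secret.
    // This reads metadata only, so it shows what the API reports for the
    // alias map before any payload is accessed.
    public static async Task<IReadOnlyDictionary<string, long>> GetAliasMapAsync(
        SecretManagerServiceClient client, SecretName secret)
    {
        Secret s = await client.GetSecretAsync(secret);
        return new Dictionary<string, long>(s.VersionAliases);
    }

    // Reads the payload of the version an alias points to, or null when
    // the alias cannot be read.
    public static async Task<string> ReadByAliasAsync(
        SecretManagerServiceClient client, SecretName secret, string alias)
    {
        // The alias takes the place of the numeric version ID in the name.
        var name = new SecretVersionName(secret.ProjectId, secret.SecretId, alias);
        try
        {
            AccessSecretVersionResponse response = await client.AccessSecretVersionAsync(name);
            return response.Payload.Data.ToStringUtf8();
        }
        // Assumed codes: NotFound = alias not assigned,
        // FailedPrecondition = target version disabled or destroyed.
        catch (RpcException e) when (e.StatusCode == StatusCode.NotFound ||
                                     e.StatusCode == StatusCode.FailedPrecondition)
        {
            return null;
        }
    }

    public static async Task Main()
    {
        var client = await SecretManagerServiceClient.CreateAsync();
        var secret = new SecretName("my-project", "my-secret"); // placeholders
        foreach (var entry in await GetAliasMapAsync(client, secret))
        {
            string value = await ReadByAliasAsync(client, secret, entry.Key);
            // Report readability only; the secret value is never written out.
            Console.WriteLine($"{entry.Key} -> version {entry.Value}: {(value == null ? "unreadable" : "ok")}");
        }
    }
}
```

`GetAliasMapAsync` needs only permission to get the secret, while `ReadByAliasAsync` needs permission to access its versions, so the two can be granted to different identities.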