feat(secret_manager): allow to specify an external key id when creating a secret (#958)

scaleway-bot · web-flow · commit c997bb4e77f6 · 2025-04-17T09:10:30.000Z
diff --git a/scaleway-async/scaleway_async/secret/v1beta1/api.py b/scaleway-async/scaleway_async/secret/v1beta1/api.py
@@ -67,6 +67,7 @@ async def create_secret(
         type_: Optional[SecretType] = None,
         path: Optional[str] = None,
         ephemeral_policy: Optional[EphemeralPolicy] = None,
+        key_id: Optional[str] = None,
     ) -> Secret:
         """
         Create a secret.
@@ -80,6 +81,7 @@ async def create_secret(
         :param type_: (Optional.) See the `Secret.Type` enum for a description of values. If not specified, the type is `Opaque`.
         :param path: (Optional.) Location of the secret in the directory structure. If not specified, the path is `/`.
         :param ephemeral_policy: (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
+        :param key_id: (Optional.) The Scaleway's Key Manager key ID will be used to encrypt and decrypt secret versions. If not specified, the Secret Manager will use an internal key.
         :return: :class:`Secret <Secret>`
 
         Usage:
@@ -109,6 +111,7 @@ async def create_secret(
                     type_=type_,
                     path=path,
                     ephemeral_policy=ephemeral_policy,
+                    key_id=key_id,
                 ),
                 self.client,
             ),
diff --git a/scaleway-async/scaleway_async/secret/v1beta1/marshalling.py b/scaleway-async/scaleway_async/secret/v1beta1/marshalling.py
@@ -236,6 +236,12 @@ def unmarshal_Secret(data: Any) -> Secret:
     else:
         args["deletion_requested_at"] = None
 
+    field = data.get("key_id", None)
+    if field is not None:
+        args["key_id"] = field
+    else:
+        args["key_id"] = None
+
     return Secret(**args)
 
 
@@ -532,6 +538,9 @@ def marshal_CreateSecretRequest(
             request.ephemeral_policy, defaults
         )
 
+    if request.key_id is not None:
+        output["key_id"] = request.key_id
+
     return output
 
 
diff --git a/scaleway-async/scaleway_async/secret/v1beta1/types.py b/scaleway-async/scaleway_async/secret/v1beta1/types.py
@@ -303,6 +303,11 @@ class Secret:
     Returns the time at which deletion was requested.
     """
 
+    key_id: Optional[str]
+    """
+    (Optional.) The Scaleway's Key Manager key ID used to encrypt and decrypt secret versions.
+    """
+
 
 @dataclass
 class AccessSecretVersionByPathRequest:
@@ -514,6 +519,11 @@ class CreateSecretRequest:
     (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
     """
 
+    key_id: Optional[str]
+    """
+    (Optional.) The Scaleway's Key Manager key ID will be used to encrypt and decrypt secret versions. If not specified, the Secret Manager will use an internal key.
+    """
+
 
 @dataclass
 class CreateSecretVersionRequest:
diff --git a/scaleway/scaleway/secret/v1beta1/api.py b/scaleway/scaleway/secret/v1beta1/api.py
@@ -67,6 +67,7 @@ def create_secret(
         type_: Optional[SecretType] = None,
         path: Optional[str] = None,
         ephemeral_policy: Optional[EphemeralPolicy] = None,
+        key_id: Optional[str] = None,
     ) -> Secret:
         """
         Create a secret.
@@ -80,6 +81,7 @@ def create_secret(
         :param type_: (Optional.) See the `Secret.Type` enum for a description of values. If not specified, the type is `Opaque`.
         :param path: (Optional.) Location of the secret in the directory structure. If not specified, the path is `/`.
         :param ephemeral_policy: (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
+        :param key_id: (Optional.) The Scaleway's Key Manager key ID will be used to encrypt and decrypt secret versions. If not specified, the Secret Manager will use an internal key.
         :return: :class:`Secret <Secret>`
 
         Usage:
@@ -109,6 +111,7 @@ def create_secret(
                     type_=type_,
                     path=path,
                     ephemeral_policy=ephemeral_policy,
+                    key_id=key_id,
                 ),
                 self.client,
             ),
diff --git a/scaleway/scaleway/secret/v1beta1/marshalling.py b/scaleway/scaleway/secret/v1beta1/marshalling.py
@@ -236,6 +236,12 @@ def unmarshal_Secret(data: Any) -> Secret:
     else:
         args["deletion_requested_at"] = None
 
+    field = data.get("key_id", None)
+    if field is not None:
+        args["key_id"] = field
+    else:
+        args["key_id"] = None
+
     return Secret(**args)
 
 
@@ -532,6 +538,9 @@ def marshal_CreateSecretRequest(
             request.ephemeral_policy, defaults
         )
 
+    if request.key_id is not None:
+        output["key_id"] = request.key_id
+
     return output
 
 
diff --git a/scaleway/scaleway/secret/v1beta1/types.py b/scaleway/scaleway/secret/v1beta1/types.py
@@ -303,6 +303,11 @@ class Secret:
     Returns the time at which deletion was requested.
     """
 
+    key_id: Optional[str]
+    """
+    (Optional.) The Scaleway's Key Manager key ID used to encrypt and decrypt secret versions.
+    """
+
 
 @dataclass
 class AccessSecretVersionByPathRequest:
@@ -514,6 +519,11 @@ class CreateSecretRequest:
     (Optional.) Policy that defines whether/when a secret's versions expire. By default, the policy is applied to all the secret's versions.
     """
 
+    key_id: Optional[str]
+    """
+    (Optional.) The Scaleway's Key Manager key ID will be used to encrypt and decrypt secret versions. If not specified, the Secret Manager will use an internal key.
+    """
+
 
 @dataclass
 class CreateSecretVersionRequest:
