mondoohq
diff --git a/‎.github/actions/spelling/expect.txt‎
Lines changed: 1 addition & 0 deletions b/‎.github/actions/spelling/expect.txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎providers/gcp/go.mod‎
Lines changed: 1 addition & 1 deletion b/‎providers/gcp/go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎providers/gcp/resources/gcp.lr‎
Lines changed: 68 additions & 0 deletions b/‎providers/gcp/resources/gcp.lr‎
Lines changed: 68 additions & 0 deletions
@@ -146,6 +146,7 @@ sbom
 scim
 scm
 SECRETID
+secretmanager
 SECRETVALUE
 serviceprincipals
 Sflags
 
@@ -19,6 +19,7 @@ require (
 	cloud.google.com/go/recommender v1.13.6
 	cloud.google.com/go/redis v1.18.3
 	cloud.google.com/go/run v1.15.0
+	cloud.google.com/go/secretmanager v1.16.0
 	cloud.google.com/go/serviceusage v1.9.7
 	github.com/aws/smithy-go v1.24.0
 	github.com/cockroachdb/errors v1.12.0
@@ -129,7 +130,6 @@ require (
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/binaryauthorization v1.10.0
 	cloud.google.com/go/compute/metadata v0.9.0 // indirect
-	cloud.google.com/go/secretmanager v1.16.0 // indirect
 	cloud.google.com/go/storage v1.59.0 // indirect
 	dario.cat/mergo v1.0.2 // indirect
 	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
 
@@ -437,6 +437,8 @@ gcp.project @defaults("name") {
   binaryAuthorization() gcp.project.binaryAuthorizationControl
   // GCP Redis resources
   redis() gcp.project.redisService
+  // GCP Secret Manager resources
+  secretmanager() gcp.project.secretmanagerService
 }
 
 // Google Cloud (GCP) service
@@ -3253,3 +3255,69 @@ private gcp.project.binaryAuthorizationControl.admissionRule {
   // The resource names of the attestors that must attest to a container image
   requireAttestationsBy []string
 }
+
+// Google Cloud (GCP) Secret Manager
+private gcp.project.secretmanagerService {
+  // Project ID
+  projectId string
+  // List of secrets in the current project
+  secrets() []gcp.project.secretmanagerService.secret
+}
+
+// Google Cloud (GCP) Secret Manager secret
+private gcp.project.secretmanagerService.secret @defaults("name createTime") {
+  // Project ID
+  projectId string
+  // Full resource path (projects/*/secrets/*)
+  resourcePath string
+  // Secret name
+  name string
+  // Time the secret was created
+  createTime time
+  // User-assigned labels
+  labels map[string]string
+  // Replication policy configuration
+  replication dict
+  // Pub/Sub topics for event notifications
+  topics []string
+  // Expiration time (if set)
+  expireTime time
+  // Etag of the secret
+  etag string
+  // Rotation policy configuration
+  rotation dict
+  // Version aliases mapping alias names to version numbers
+  versionAliases map[string]int
+  // Custom metadata annotations
+  annotations map[string]string
+  // Version destroy TTL duration
+  versionDestroyTtl time
+  // Customer-managed encryption key names from all replication locations
+  customerManagedEncryption []string
+  // List of secret versions
+  versions() []gcp.project.secretmanagerService.secret.version
+  // IAM policy for this secret
+  iamPolicy() []gcp.resourcemanager.binding
+}
+
+// Google Cloud (GCP) Secret Manager secret version
+private gcp.project.secretmanagerService.secret.version @defaults("name state") {
+  // Full resource path (projects/*/secrets/*/versions/*)
+  resourcePath string
+  // Version number
+  name string
+  // Current state (ENABLED, DISABLED, DESTROYED)
+  state string
+  // Time the version was created
+  created time
+  // Time the version was destroyed
+  destroyed time
+  // Etag of the version
+  etag string
+  // Whether the client specified a payload checksum
+  clientSpecifiedPayloadChecksum bool
+  // Scheduled destroy time (for delayed destruction)
+  scheduledDestroyTime time
+  // Customer-managed encryption status
+  customerManagedEncryption dict
+}