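// [END secretmanager_iam_grant_access]

// [START secretmanager_iam_revoke_access]
/// <summary>
/// Revoke a user's or service account's access to the secret.
/// </summary>
/// <remarks>
/// Only the member's direct <c>roles/secretmanager.secretAccessor</c> binding on this
/// secret's own IAM policy is removed. Access that the same principal holds through a
/// different role, through group membership, or through a binding on a parent resource
/// is not touched by this call and has to be reviewed separately.
/// </remarks>
/// <param name="projectId">ID of the project where the secret resides.</param>
/// <param name="secretId">ID of the secret.</param>
/// <param name="member">IAM member to revoke, with a <c>user:</c> or <c>serviceAccount:</c> prefix.</param>
/// <example>
/// Revoke a user's access to the secret (placeholder values).
/// <code>IAMRevokeAccess("my-project", "my-secret", "user:name@example.com")</code>
/// </example>
public static void IAMRevokeAccess(string projectId, string secretId, string member)
{
    const string accessorRole = "roles/secretmanager.secretAccessor";

    SecretManagerServiceClient client = SecretManagerServiceClient.Create();
    var secretName = new SecretName(projectId, secretId);

    // Read the current IAM policy. The same object is modified and written back below,
    // so any etag the service returned with it accompanies the update.
    var getRequest = new GetIamPolicyRequest
    {
        ResourceAsResourceName = secretName,
    };
    var policy = client.GetIamPolicy(getRequest);

    // Remove the member from the accessor role binding. The helper reports whether the
    // policy actually changed; if it did not, the member had no direct binding for this
    // role on the secret, so there is nothing to write and reporting an update would be
    // misleading to whoever is confirming the revocation.
    bool removed = policy.RemoveRoleMember(accessorRole, member);
    if (!removed)
    {
        Console.WriteLine(
            $"No change to IAM policy for {secretId}: {member} is not bound to {accessorRole}");
        return;
    }

    // Save the updated IAM policy.
    var setRequest = new SetIamPolicyRequest
    {
        ResourceAsResourceName = secretName,
        Policy = policy,
    };
    client.SetIamPolicy(setRequest);

    Console.WriteLine($"Updated IAM policy for {secretId}");
}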
/// <summary>
/// Grants a member the <c>roles/secretmanager.secretAccessor</c> role on a single secret
/// and returns the policy as stored by the service.
/// </summary>
/// <remarks>
/// The binding is added to the secret's own IAM policy, so the grant is scoped to that
/// one secret rather than to the project. The policy read by <c>GetIamPolicy</c> is
/// modified in place and sent back, so existing bindings are carried over unchanged.
/// NOTE(review): the default <paramref name="member"/> looks like a scrubbed placeholder
/// rather than a usable principal; callers should always pass an explicit member.
/// </remarks>
/// <param name="projectId">ID of the project where the secret resides.</param>
/// <param name="secretId">ID of the secret.</param>
/// <param name="member">IAM member to grant access to (the default uses a <c>user:</c> prefix).</param>
/// <returns>The policy returned by <c>SetIamPolicy</c>.</returns>
public Policy IamGrantAccess(
    string projectId = "my-project",
    string secretId = "my-secret",
    string member = "user:[email protected]")
{
    var secretManager = SecretManagerServiceClient.Create();

    // Both requests address the same secret resource.
    var target = new SecretName(projectId, secretId);

    // Fetch the policy currently attached to the secret.
    var readRequest = new GetIamPolicyRequest
    {
        ResourceAsResourceName = target,
    };
    var current = secretManager.GetIamPolicy(readRequest);

    // Add the member to the accessor role binding.
    current.AddRoleMember("roles/secretmanager.secretAccessor", member);

    // Write the modified policy back and hand the stored version to the caller.
    var writeRequest = new SetIamPolicyRequest
    {
        ResourceAsResourceName = target,
        Policy = current,
    };
    return secretManager.SetIamPolicy(writeRequest);
}