Update ADK doc according to issue #1587 - 13

[adk-bot]

13. Secret Manager Integration

Doc file: docs/integrations/secret-manager.md

Current state:

The documentation advises users to use Google Cloud Secret Manager for storing credentials, but there is no documentation on the new built-in ADK SecretManagerClient.

Proposed Change:

Create a new integration page for Google Cloud Secret Manager. Explain that ADK now includes a SecretManagerClient (google.adk.integrations.secret_manager.secret_client) which simplifies retrieving secrets. Provide an example of how to instantiate it (using ADC, an auth token, or a service account JSON string) and how to call get_secret(resource_name) to securely fetch API keys or tokens for use with ADK tools.

Reasoning:
This is a new official integration (mentioned in the release summary) that makes it much easier for developers to securely load credentials in production deployments without having to manually set up the standard GCP SDK clients.

Reference: src/google/adk/integrations/secret_manager/secret_client.py

[netlify]

✅ Deploy Preview for adk-docs-preview ready!

Name	Link
🔨 Latest commit	2476906
🔍 Latest deploy log	https://app.netlify.com/projects/adk-docs-preview/deploys/69d80bf2114892000747e83a
😎 Deploy Preview	https://deploy-preview-1610--adk-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[jcwriter74]

7 Secret Manager Integration

Doc file: docs/integrations/secret-manager.md
Current state:
The documentation advises users to use Google Cloud Secret Manager for storing credentials, but there is no documentation on the new built-in ADK SecretManagerClient.

Proposed Change:
Create a new integration page for Google Cloud Secret Manager. Explain that ADK now includes a SecretManagerClient (google.adk.integrations.secret_manager.secret_client) which simplifies retrieving secrets. Provide an example of how to instantiate it (using ADC, an auth token, or a service account JSON string) and how to call get_secret(resource_name) to securely fetch API keys or tokens for use with ADK tools.

Reasoning:
This is a new official integration (mentioned in the release summary) that makes it much easier for developers to securely load credentials in production deployments without having to manually set up the standard GCP SDK clients.
Reference: src/google/adk/integrations/secret_manager/secret_client.py

Prerequisites:

Installation:

Create a new integration page for Google Cloud Secret Manager.
Explain that ADK now includes a SecretManagerClient (google.adk.integrations.secret_manager.secret_client.py) which simplifies retrieving secrets.
SecretManagerClient (google.adk.integrations.secret_manager.secret_client.py) class is a client for interacting with Google Cloud Secret Manager. This class provides a simplified interface for retrieving secrets from Secret Manager, handling authentication using either a service account JSON keyfile (passed as a string) or a preexisting authorization token.

'''

Attributes:
      _credentials:  Google Cloud credentials object (ServiceAccountCredentials or Credentials).
      _client: Secret Manager client instance

'''

• Provide an example of how to instantiate it (using ADC, an auth token, or a service account JSON string).

Using ADC

# Instantiating without arguments uses ADC automatically
''client = SecretManagerClient()

# Example usage
# secret_value = client.get_secret("projects/my-project/secrets/my-secret/versions/latest")''

Using auth token

auth_token = "ya29.your-access-token-string"
client = SecretManagerClient(auth_token=auth_token)

Using service account JSON string

import json

# Your service account JSON as a string
sa_json_string = """
{
  "type": "service_account",
  "project_id": "your-project-id",
  "private_key_id": "...",
  "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
  "client_email": "...",
  "client_id": "...",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "..."
}
"""
client = SecretManagerClient(service_account_json=sa_json_string)

Another to instantiate how to call get_secret(resource_name) to securely fetch API keys or tokens for use with ADK tools.

def get_secret(self, resource_name: str) -> str:
    """Retrieves a secret from Google Cloud Secret Manager.
        Args:
        resource_name: The full resource name of the secret, in the format
          "projects/*/secrets/*/versions/*".  Usually you want the "latest"
          version, e.g.,
          "projects/my-project/secrets/my-secret/versions/latest".
     Returns:
        The secret payload as a string.
    Raises:
        google.api_core.exceptions.GoogleAPIError: If the Secret Manager API
            returns an error (e.g., secret not found, permission denied).
        Exception: For other unexpected errors.
   """

Reviewed using:

• Duckie
• Google AI Studio