Skip to main content
Glama
su-record

Hi-GCloud

by su-record
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Local

gcp_secret_list

Read-onlyIdempotent

Retrieve and manage Google Cloud Secret Manager secrets. List all secrets or view specific secret versions with optional value display for secure access control.

Instructions

시크릿 목록|비밀 관리|secret manager|secrets - Secret Manager 시크릿을 조회합니다

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
secret_nameNo시크릿 이름 (없으면 목록, 있으면 해당 시크릿의 버전 목록)
project_idNoGCP 프로젝트 ID (기본: 현재 설정된 프로젝트)
show_valueNo시크릿 값 표시 여부 (기본: false, 보안 주의!)
versionNo조회할 버전 (기본: latest)latest
formatNo출력 형식 (기본: text)text

Implementation Reference

  • src/gcp/secret.ts:54-201 (handler)
    The main asynchronous handler function that implements the gcp_secret_list tool. It handles listing secrets, secret versions, or retrieving secret values using gcloud CLI commands, with support for JSON/text output and error handling.
    export async function gcpSecretList(args: GcpSecretListArgs) {
  try {
    const projectId = await getProjectId(args.project_id);

    if (args.secret_name) {
      if (args.show_value) {
        // Get secret value
        const version = args.version || 'latest';
        const command = `secrets versions access ${version} --secret=${args.secret_name} --project=${projectId}`;
        const result = await executeGcloud(command, 15000);

        const secretValue = result.stdout.trim();

        if (args.format === 'json') {
          return {
            content: [
              {
                type: 'text',
                text: JSON.stringify({
                  project: projectId,
                  secret: args.secret_name,
                  version,
                  value: secretValue,
                }, null, 2),
              },
            ],
          };
        }

        return {
          content: [
            {
              type: 'text',
              text: `🔐 시크릿: ${args.secret_name}\n버전: ${version}\n\n값:\n${secretValue}`,
            },
          ],
        };
      } else {
        // Get secret versions
        const command = `secrets versions list ${args.secret_name} --project=${projectId} --format=json`;
        const result = await executeGcloud(command, 15000);

        let versions: any[] = [];
        try {
          versions = JSON.parse(result.stdout || '[]');
        } catch {
          versions = [];
        }

        const versionList = versions.map((v: any) => ({
          name: v.name?.split('/').pop(),
          state: v.state,
          created: v.createTime,
        }));

        if (args.format === 'json') {
          return {
            content: [
              {
                type: 'text',
                text: JSON.stringify({
                  project: projectId,
                  secret: args.secret_name,
                  versions: versionList,
                }, null, 2),
              },
            ],
          };
        }

        const lines = ['🔐 시크릿 버전 목록: ' + args.secret_name, ''];
        versionList.forEach((v) => {
          const stateEmoji = v.state === 'ENABLED' ? '✅' : v.state === 'DISABLED' ? '⏸️' : '❌';
          lines.push(`  ${stateEmoji} ${v.name} - ${v.state}`);
        });

        return {
          content: [
            {
              type: 'text',
              text: lines.join('\n'),
            },
          ],
        };
      }
    } else {
      // List all secrets
      const command = `secrets list --project=${projectId} --format=json`;
      const result = await executeGcloud(command, 15000);

      let secrets: any[] = [];
      try {
        secrets = JSON.parse(result.stdout || '[]');
      } catch {
        secrets = [];
      }

      const secretList = secrets.map((s: any) => ({
        name: s.name?.split('/').pop(),
        created: s.createTime,
        labels: s.labels,
      }));

      if (args.format === 'json') {
        return {
          content: [
            {
              type: 'text',
              text: JSON.stringify({
                project: projectId,
                totalSecrets: secretList.length,
                secrets: secretList,
              }, null, 2),
            },
          ],
        };
      }

      const lines = ['🔐 Secret Manager 시크릿 목록', `프로젝트: ${projectId}`, ''];
      if (secretList.length === 0) {
        lines.push('시크릿이 없습니다.');
      } else {
        secretList.forEach((s) => {
          lines.push(`  🔑 ${s.name}`);
        });
      }

      return {
        content: [
          {
            type: 'text',
            text: lines.join('\n'),
          },
        ],
      };
    }
  } catch (error: any) {
    return {
      content: [
        {
          type: 'text',
          text: formatError(error),
        },
      ],
      isError: true,
    };
  }
}
  • src/gcp/secret.ts:4-44 (schema)
    The tool definition including name, description, annotations, and input schema for parameters like secret_name, project_id, show_value, version, and format.
    export const gcpSecretListDefinition = {
  name: 'gcp_secret_list',
  description: '시크릿 목록|비밀 관리|secret manager|secrets - Secret Manager 시크릿을 조회합니다',
  annotations: {
    title: 'Secret Manager 조회',
    readOnlyHint: true,
    destructiveHint: false,
    idempotentHint: true,
    openWorldHint: true,
  },
  inputSchema: {
    type: 'object' as const,
    properties: {
      secret_name: {
        type: 'string',
        description: '시크릿 이름 (없으면 목록, 있으면 해당 시크릿의 버전 목록)',
      },
      project_id: {
        type: 'string',
        description: 'GCP 프로젝트 ID (기본: 현재 설정된 프로젝트)',
      },
      show_value: {
        type: 'boolean',
        description: '시크릿 값 표시 여부 (기본: false, 보안 주의!)',
        default: false,
      },
      version: {
        type: 'string',
        description: '조회할 버전 (기본: latest)',
        default: 'latest',
      },
      format: {
        type: 'string',
        enum: ['text', 'json'],
        description: '출력 형식 (기본: text)',
        default: 'text',
      },
    },
    required: [],
  },
};
  • src/index.ts:77-89 (registration)
    The gcpSecretListDefinition is included in the 'tools' array, which is returned by the ListToolsRequest handler to register the tool with the MCP server.
    const tools = [
  gcpSetupDefinition,
  gcpLogsReadDefinition,
  gcpRunStatusDefinition,
  gcpRunLogsDefinition,
  gcpSqlQueryDefinition,
  gcpSqlProxyDefinition,
  gcpStorageListDefinition,
  gcpSecretListDefinition,
  gcpAuthStatusDefinition,
  gcpServicesListDefinition,
  gcpBillingInfoDefinition,
];
  • src/index.ts:225-226 (registration)
    In the central CallToolRequest handler, the 'gcp_secret_list' case dispatches to the gcpSecretList handler function.
    case 'gcp_secret_list':
  return await gcpSecretList(args as any) as CallToolResult;

Tool Definition Quality

B3.1/5.0
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already provide readOnlyHint=true, destructiveHint=false, openWorldHint=true, and idempotentHint=true, covering safety and idempotency. The description adds minimal behavioral context: it mentions '보안 주의!' (security caution) in the parameter description for show_value, but this is redundant with the schema. No additional traits like rate limits, authentication needs, or pagination behavior are disclosed. The description doesn't contradict annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is brief but front-loaded with a keyword list ('시크릿 목록|비밀 관리|secret manager|secrets') that is somewhat redundant with the core statement. The single sentence 'Secret Manager 시크릿을 조회합니다' is clear, but the initial keywords add noise without significant value. It's concise overall but could be more structured by eliminating the keyword repetition.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (5 parameters, no output schema) and rich annotations (covering safety and idempotency), the description is minimally adequate. It states the purpose but lacks details on output format, error handling, or integration with sibling tools (e.g., gcp_setup for authentication). The schema handles parameters well, but the description doesn't compensate for the missing output schema or provide context beyond basic retrieval.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, with all parameters well-documented in the schema (e.g., secret_name's dual behavior, project_id default, show_value security warning). The description adds no parameter semantics beyond what's in the schema—it only restates the tool's purpose without elaborating on parameter interactions or usage examples. With high schema coverage, the baseline score of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Secret Manager 시크릿을 조회합니다' (retrieves Secret Manager secrets). It specifies the resource (Secret Manager secrets) and verb (retrieve/lookup), though it doesn't explicitly differentiate from sibling tools like gcp_storage_list or gcp_services_list beyond the domain context. The Korean/English mix and multiple keywords at the beginning ('시크릿 목록|비밀 관리|secret manager|secrets') are somewhat redundant but still convey the core function.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention any prerequisites (e.g., authentication setup via gcp_setup), compare it to other secret-related tools (none exist in siblings), or specify scenarios where it's appropriate (e.g., for listing vs. detailed retrieval). Usage is implied only through the tool name and description text.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/su-record/hi-gcloud'

If you have feedback or need assistance with the MCP directory API, please join our Discord server