MY_PROJECT_ID: The ID of the project where the
secure gateway is created.
MY_APPLICATION_ID: The ID of your application, such
as github. The name can be up to 63 characters, and can contain
lowercase letters, numbers, and hyphens. The first character must be a
letter, and the last character can be a letter or number.
MY_APPLICATION_DISPLAY_NAME: The human-readable name
to display.
MY_HOST_NAME: The hostname of your application. For
example, github.com. The hostname can be up to 253 characters
long, and must adhere to one of the following formats:
MY_SECURITY_GATEWAY_ID: The ID of the secure
gateway. The ID can be up to 63 characters, and can contain lowercase
letters, numbers, and hyphens. The first character should be a letter, and
the last character can be a letter or number.
MY_SECURITY_GATEWAY_DISPLAY_NAME: The human-readable
name of the secure gateway. The name can be up to 63 characters long and can
only contain printable characters.
Update a secure gateway
The following example shows how to update the hubs of an existing
secure gateway.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Manage a secure gateway\n\nThis page explains how to complete common secure gateway management tasks.\n\nSet up your shell environment\n-----------------------------\n\nTo streamline the setup process and interact with the secure gateway APIs,\ndefine the following environment variables in your working shell.\n\n- General parameters\n\n API=\"beyondcorp.googleapis.com\"\n API_VERSION=v1\n PROJECT_ID=\u003cvar translate=\"no\"\u003eMY_PROJECT_ID\u003c/var\u003e\n APPLICATION_ID=\u003cvar translate=\"no\"\u003eMY_APPLICATION_ID\u003c/var\u003e\n APPLICATION_DISPLAY_NAME=\"\u003cvar translate=\"no\"\u003eMY_APPLICATION_DISPLAY_NAME\u003c/var\u003e\"\n HOST_NAME=\u003cvar translate=\"no\"\u003eMY_HOST_NAME\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMY_PROJECT_ID\u003c/var\u003e: The ID of the project where the secure gateway is created.\n - \u003cvar translate=\"no\"\u003eMY_APPLICATION_ID\u003c/var\u003e: The ID of your application, such as `github`. The name can be up to 63 characters, and can contain lowercase letters, numbers, and hyphens. The first character must be a letter, and the last character can be a letter or number.\n - \u003cvar translate=\"no\"\u003eMY_APPLICATION_DISPLAY_NAME\u003c/var\u003e: The human-readable name to display.\n - \u003cvar translate=\"no\"\u003eMY_HOST_NAME\u003c/var\u003e: The hostname of your application. For\n example, `github.com`. The hostname can be up to 253 characters\n long, and must adhere to one of the following formats:\n\n - A valid IPv4 address\n - A valid IPv6 address\n - A [valid DNS](https://datatracker.ietf.org/doc/html/rfc1034) name\n - An asterisk (\\*)\n - An asterisk (\\*) followed by a valid DNS name\n- Secure gateway parameters\n\n SECURITY_GATEWAY_ID=\u003cvar translate=\"no\"\u003eMY_SECURITY_GATEWAY_ID\u003c/var\u003e\n SECURITY_GATEWAY_DISPLAY_NAME=\"\u003cvar translate=\"no\"\u003eMY_SECURITY_GATEWAY_DISPLAY_NAME\u003c/var\u003e\"\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMY_SECURITY_GATEWAY_ID\u003c/var\u003e: The ID of the secure gateway. The ID can be up to 63 characters, and can contain lowercase letters, numbers, and hyphens. The first character should be a letter, and the last character can be a letter or number.\n - \u003cvar translate=\"no\"\u003eMY_SECURITY_GATEWAY_DISPLAY_NAME\u003c/var\u003e: The human-readable name of the secure gateway. The name can be up to 63 characters long and can only contain printable characters.\n\nUpdate a secure gateway\n-----------------------\n\nThe following example shows how to update the hubs of an existing\nsecure gateway.\n\n### gcloud\n\n```bash\ngcloud beta beyondcorp security-gateways update ${SECURITY_GATEWAY_ID} \\\n --project=${PROJECT_ID} \\\n --location=global \\\n --hubs=us-central1,us-east1\n \n```\n\n### REST\n\n```bash\ncurl \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n-H \"Content-Type: application/json\" \\\n-X PATCH \\\n-d \"{ \\\"hubs\\\": {\\\"us-central1\\\": {}, \\\"us-east1\\\": {}} }\" \\\n\"https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}?update_mask=hubs\"\n \n```\n\nGet a secure gateway's details\n------------------------------\n\nTo get the details for a secure gateway, run the following command.\n\n### gcloud\n\n```bash\ngcloud beta beyondcorp security-gateways describe ${SECURITY_GATEWAY_ID} \\\n --project=${PROJECT_ID} \\\n --location=global\n \n```\n\n### REST\n\n```bash\ncurl \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n-H \"Content-Type: application/json\" \\\n\"https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}\"\n \n```\n\nList secure gateways\n--------------------\n\nTo list all of the secure gateways in a project, run the following command.\n\n### gcloud\n\n```bash\ngcloud beta beyondcorp security-gateways list \\\n --project=${PROJECT_ID} \\\n --location=global\n \n```\n\n### REST\n\n```bash\ncurl \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n-H \"Content-Type: application/json\" \\\n\"https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways\"\n \n```\n\nDelete a secure gateway\n-----------------------\n\nTo delete a secure gateway, run the following command.\n\n### gcloud\n\n```bash\ngcloud beta beyondcorp security-gateways delete ${SECURITY_GATEWAY_ID} \\\n --project=${PROJECT_ID} \\\n --location=global\n \n```\n\n### REST\n\n```bash\ncurl \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n-H \"Content-Type: application/json\" \\\n-X DELETE \\\n\"https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}\"\n \n```\n\nUpdate an application resource\n------------------------------\n\nThe following example shows how to update an existing application.\nAllowed editable fields include the following:\n\n- `display_name`\n- `endpoint_matchers`\n\nYou can use `update_mask` to control which fields are updated.\nThe following example shows how to update the `endpoint_matchers`\nfield:\n\n### gcloud\n\n```bash\ngcloud beta beyondcorp security-gateways applications update ${APPLICATION_ID} \\\n --project=${PROJECT_ID} \\\n --security-gateway=${SECURITY_GATEWAY_ID} \\\n --location=global \\\n --endpoint-matchers=\"hostname=${HOST_NAME}\"\n \n```\n\n### REST\n\n```bash\ncurl \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n-H \"Content-Type: application/json\" \\\n-X PATCH \\\n-d \"{ \\\"endpoint_matchers\\\": [{hostname: \\\"${HOST_NAME}\\\"}] }\" \\\n\"https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}?update_mask=endpoint_matchers\"\n \n```\n\nGet the details of an application resource\n------------------------------------------\n\nTo get the details of an application, run the following command.\n\n### gcloud\n\n```bash\ngcloud beta beyondcorp security-gateways applications describe ${APPLICATION_ID} \\\n --project=${PROJECT_ID} \\\n --security-gateway=${SECURITY_GATEWAY_ID} \\\n --location=global\n \n```\n\n### REST\n\n```bash\ncurl \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n-H \"Content-Type: application/json\" \\\n\"https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}\"\n \n```\n\nList application resources\n--------------------------\n\nTo list all of the applications in a security gateway, run the following command.\n\n### gcloud\n\n```bash\ngcloud beta beyondcorp security-gateways applications list \\\n --project=${PROJECT_ID} \\\n --security-gateway=${SECURITY_GATEWAY_ID} \\\n --location=global\n \n```\n\n### REST\n\n```bash\ncurl \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n-H \"Content-Type: application/json\" \\\n\"https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications\"\n \n```\n\nDelete an application resource\n------------------------------\n\nTo delete an application, run the following command.\n\n### gcloud\n\n```bash\ngcloud beta beyondcorp security-gateways applications delete ${APPLICATION_ID} \\\n --project=${PROJECT_ID} \\\n --security-gateway=${SECURITY_GATEWAY_ID} \\\n --location=global\n \n```\n\n### REST\n\n```bash\ncurl \\\n-H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n-H \"Content-Type: application/json\" \\\n-X DELETE \\\n\"https://${API}/${API_VERSION}/projects/${PROJECT_ID}/locations/global/securityGateways/${SECURITY_GATEWAY_ID}/applications/${APPLICATION_ID}\"\n \n```"]]
