Create a parameter

This page describes how to create a parameter. A parameter acts as a dynamic variable for your application, holding key configuration values like database connection strings, feature flags, or service endpoints.

Parameters can store various types of data, including:

  • Structured data like YAML or JSON for organized, machine-readable information.
  • Unstructured data such as plain text or binary content.

You can create both global and regional parameters in Parameter Manager.

The following table explains the key differences between the global and regional parameters.

Feature Global parameters Regional parameters
Storage Stored centrally Stored within a specific location
Access Standard API endpoint Regional endpoint corresponding to the location of the parameter
Use cases

Parameters that apply to your application or service regardless of where the application or service is running:

  • Default language settings
  • API keys

Parameters that vary based on the location where your application is deployed:

  • Database connection strings for a regional database instance
  • Feature flags that are enabled or disabled for specific locations

Before you begin

  1. Prepare your environment for Parameter Manager.

  2. If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs.

    Select the tab for how you plan to use the samples on this page:

    Console

    When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

    gcloud

    In the Google Cloud console, activate Cloud Shell.

    Activate Cloud Shell

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

    REST

    To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

      After installing the Google Cloud CLI, initialize it by running the following command: 

      gcloud init

      If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

    For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

Required roles

To get the permissions that you need to create a parameter, ask your administrator to grant you the Parameter Manager Admin (roles/parametermanager.admin) IAM role on the project, folder, or organization. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create a parameter to store structured data

To create a parameter for storing structured data, use one of the following methods:

Global parameters

Console

  1. In the Google Cloud console, go to the Secret Manager page.

    Go to Secret Manager

  2. Click Parameter Manager to go to the Parameter Manager page, and then click Create parameter.

  3. In the Create parameter page, enter the parameter name.

  4. To specify the format in which the parameter stores data, select either YAML or JSON in the Parameter format section.

  5. To create a global parameter, select Multi-region in the Location section, and then select global (Global) from the Region list.

  6. Optional: To add a label to your parameter resource, click Add label, and then define the label key and value.

  7. Click Create.

gcloud

Before using any of the command data below, make the following replacements:

  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.
  • FORMAT: the data type or format of the parameter's value, such as YAML or JSON.

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud parametermanager parameters create PARAMETER_ID --location=global --parameter-format=FORMAT

Windows (PowerShell)

gcloud parametermanager parameters create PARAMETER_ID --location=global --parameter-format=FORMAT

Windows (cmd.exe)

gcloud parametermanager parameters create PARAMETER_ID --location=global --parameter-format=FORMAT

You should receive a response similar to the following:

Created parameter [app_config].

REST

Before using any of the request data, make the following replacements:

  • PROJECT_ID: the Google Cloud project ID.
  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

HTTP method and URL: 

POST https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID

Request JSON body: 

{"format": "YAML"}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command: 

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command: 

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{
  "name": "projects/production-1/locations/global/parameters/app_config",
  "createTime": "2024-10-15T08:39:05.191747694Z",
  "updateTime": "2024-10-15T08:39:05.191747694Z",
  "format": "YAML",
  "policyMember": {
    "iamPolicyUidPrincipal": "principal://parametermanager.googleapis.com/projects/567445493557/uid/locations/global/parameters/c86ca5bc-f4c2-439d-b62c-d578b4b78b12"
  }
}

Python

To run this code, first set up a Python development environment and install the Secret Manager Python SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope. 

def create_structured_param(
    project_id: str, parameter_id: str, format_type: parametermanager_v1.ParameterFormat
) -> parametermanager_v1.Parameter:
    """
    Creates a parameter in the global location of the specified
    project with specified format using the Google Cloud Parameter Manager SDK.

    Args:
        project_id (str): The ID of the project where
        the parameter is to be created.
        parameter_id (str): The ID to assign to the new parameter.
        This ID must be unique within the project.
        format_type (parametermanager_v1.ParameterFormat): The format type of
        the parameter (UNFORMATTED, YAML, JSON).

    Returns:
        parametermanager_v1.Parameter: An object representing the
        newly created parameter.

    Example:
        create_structured_param(
            "my-project",
            "my-global-parameter",
            parametermanager_v1.ParameterFormat.JSON
        )
    """
    # Import the necessary library for Google Cloud Parameter Manager.
    from google.cloud import parametermanager_v1

    # Create the Parameter Manager client.
    client = parametermanager_v1.ParameterManagerClient()

    # Build the resource name of the parent project in the global location.
    parent = client.common_location_path(project_id, "global")

    # Define the parameter creation request with the specified format.
    request = parametermanager_v1.CreateParameterRequest(
        parent=parent,
        parameter_id=parameter_id,
        parameter=parametermanager_v1.Parameter(format_=format_type),
    )

    # Create the parameter.
    response = client.create_parameter(request=request)

    # Print the newly created parameter name.
    print(f"Created parameter {response.name} with format {response.format_.name}")

Regional parameters

Console

  1. In the Google Cloud console, go to the Secret Manager page.

    Go to Secret Manager

  2. Click Parameter Manager to go to the Parameter Manager page, and then click Create parameter.

  3. In the Create parameter page, enter the parameter name.

  4. To specify the format in which the parameter stores data, select either YAML or JSON in the Parameter format section.

  5. To create a regional parameter, select Region in the Location section, and then select the location from the Region list.

  6. Optional: To add a label to your parameter resource, click Add label, and then define the label key and value.

  7. Click Create.

gcloud

Before using any of the command data below, make the following replacements:

  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.
  • LOCATION: the Google Cloud location of the parameter.
  • FORMAT: the data type or format of the parameter's value, such as YAML or JSON.

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=FORMAT

Windows (PowerShell)

gcloud parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=FORMAT

Windows (cmd.exe)

gcloud parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=FORMAT

You should receive a response similar to the following:

Created parameter [app_config].

REST

Before using any of the request data, make the following replacements:

  • LOCATION: the Google Cloud location of the parameter.
  • PROJECT_ID: the Google Cloud project ID.
  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

HTTP method and URL: 

POST https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID

Request JSON body: 

{"format": "YAML"}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command: 

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command: 

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{
  "name": "projects/production-1/locations/us-central1/parameters/app_config",
  "createTime": "2024-10-30T05:27:28.934719122Z",
  "updateTime": "2024-10-30T05:27:28.934719122Z",
  "format": "YAML",
  "policyMember": {
    "iamPolicyUidPrincipal": "principal://parametermanager.googleapis.com/projects/463050620945/uid/locations/us-central1/parameters/6ffe4045-0778-490a-a786-d77b124e2613"
  }
}

Python

To run this code, first set up a Python development environment and install the Secret Manager Python SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope. 

#!/usr/bin/env python

# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
"""
command line application and sample code
for creating a new formatted regional parameter.
"""

from google.cloud import parametermanager_v1


def create_structured_regional_param(
    project_id: str,
    location_id: str,
    parameter_id: str,
    format_type: parametermanager_v1.ParameterFormat,
) -> parametermanager_v1.Parameter:
    """
    Creates a parameter in the specified region of the specified
    project using the Google Cloud Parameter Manager SDK. The parameter is
    created with the specified format type.

    Args:
        project_id (str): The ID of the project where
        the parameter is to be created.
        location_id (str): The ID of the region where
        the parameter is to be created.
        parameter_id (str): The ID to assign to the new parameter.
        This ID must be unique within the project.
        format_type (parametermanager_v1.ParameterFormat): The format type of
        the parameter (UNFORMATTED, YAML, JSON).

    Returns:
        parametermanager_v1.Parameter: An object representing the
        newly created parameter.

    Example:
        create_structured_regional_param(
            "my-project",
            "my-regional-parameter",
            "us-central1",
            parametermanager_v1.ParameterFormat.JSON
        )
    """
    # Import the necessary library for Google Cloud Parameter Manager.
    from google.cloud import parametermanager_v1

    # Create the Parameter Manager client with the regional endpoint.
    api_endpoint = f"parametermanager.{location_id}.rep.googleapis.com"
    client = parametermanager_v1.ParameterManagerClient(
        client_options={"api_endpoint": api_endpoint}
    )

    # Build the resource name of the parent project in the specified region.
    parent = client.common_location_path(project_id, location_id)

    # Define the parameter creation request with the specified format.
    request = parametermanager_v1.CreateParameterRequest(
        parent=parent,
        parameter_id=parameter_id,
        parameter=parametermanager_v1.Parameter(format_=format_type),
    )

    # Create the parameter.
    response = client.create_parameter(request=request)

    # Print the newly created parameter name.
    print(
        f"Created regional parameter: {response.name} "
        f"with format {response.format_.name}"
    )

    return response

Create a parameter to store unstructured data

To create a parameter for storing unstructured data, use one of the following methods:

Global parameters

Console

  1. In the Google Cloud console, go to the Secret Manager page.

    Go to Secret Manager

  2. Click Parameter Manager to go to the Parameter Manager page, and then click Create parameter.

  3. In the Create parameter page, enter the parameter name.

  4. To create a parameter that stores unformatted data, select Unformatted in the Parameter format section.

  5. To create a global parameter, select Multi-region in the Location section, and then select global (Global) from the Region list.

  6. Optional: To add a label to your parameter resource, click Add label, and then define the label key and value.

  7. Click Create.

gcloud

Before using any of the command data below, make the following replacements:

  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud parametermanager parameters create PARAMETER_ID --location=global --parameter-format=UNFORMATTED

Windows (PowerShell)

gcloud parametermanager parameters create PARAMETER_ID --location=global --parameter-format=UNFORMATTED

Windows (cmd.exe)

gcloud parametermanager parameters create PARAMETER_ID --location=global --parameter-format=UNFORMATTED

You should receive a response similar to the following:

Created parameter [allowed_ip_ranges].

REST

Before using any of the request data, make the following replacements:

  • PROJECT_ID: the Google Cloud project ID.
  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

HTTP method and URL: 

POST https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID

Request JSON body: 

{"format": "UNFORMATTED"}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command: 

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command: 

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://parametermanager.googleapis.com/v1/projects/PROJECT_ID/locations/global/parameters?parameter_id=PARAMETER_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{
  "name": "projects/production-1/locations/global/parameters/allowed_ip_ranges",
  "createTime": "2024-10-15T08:31:53.250487112Z",
  "updateTime": "2024-10-15T08:31:53.250487112Z",
  "format": "UNFORMATTED",
  "policyMember": {
    "iamPolicyUidPrincipal": "principal://parametermanager.googleapis.com/projects/567445493557/uid/locations/global/parameters/c0100d79-7c8d-4da3-8eb6-fe2a35843d9b"
  }
}

Python

To run this code, first set up a Python development environment and install the Secret Manager Python SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope. 

def create_param(project_id: str, parameter_id: str) -> parametermanager_v1.Parameter:
    """
    Creates a parameter with default format (Unformatted)
    in the global location of the specified
    project using the Google Cloud Parameter Manager SDK.

    Args:
        project_id (str): The ID of the project where
        the parameter is to be created.
        parameter_id (str): The ID to assign to the new parameter.
        This ID must be unique within the project.

    Returns:
        parametermanager_v1.Parameter: An object representing
        the newly created parameter.

    Example:
        create_param(
            "my-project",
            "my-global-parameter"
        )
    """
    # Import the necessary library for Google Cloud Parameter Manager.
    from google.cloud import parametermanager_v1

    # Create the Parameter Manager client.
    client = parametermanager_v1.ParameterManagerClient()

    # Build the resource name of the parent project in the global location.
    parent = client.common_location_path(project_id, "global")

    # Define the parameter creation request.
    request = parametermanager_v1.CreateParameterRequest(
        parent=parent,
        parameter_id=parameter_id,
    )

    # Create the parameter.
    response = client.create_parameter(request=request)

    # Print the newly created parameter name.
    print(f"Created parameter: {response.name}")

Regional parameters

Console

  1. In the Google Cloud console, go to the Secret Manager page.

    Go to Secret Manager

  2. Click Parameter Manager to go to the Parameter Manager page, and then click Create parameter.

  3. In the Create parameter page, enter the parameter name.

  4. To create a parameter that stores unformatted data, select Unformatted in the Parameter format section.

  5. To create a regional parameter, select Region in the Location section, and then select the location from the Region list.

  6. Optional: To add a label to your parameter resource, click Add label, and then define the label key and value.

  7. Click Create.

gcloud

Before using any of the command data below, make the following replacements:

  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.
  • LOCATION: the Google Cloud location of the parameter.

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=UNFORMATTED

Windows (PowerShell)

gcloud parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=UNFORMATTED

Windows (cmd.exe)

gcloud parametermanager parameters create PARAMETER_ID --location=LOCATION --parameter-format=UNFORMATTED

You should receive a response similar to the following:

Created parameter [allowed_ip_ranges].

REST

Before using any of the request data, make the following replacements:

  • LOCATION: the Google Cloud location of the parameter.
  • PROJECT_ID: the Google Cloud project ID.
  • PARAMETER_ID: the name of the new parameter. Parameter names must be 63 characters or less and consist only of English letters (A-Z, a-z), numbers (0-9), dashes (-), and underscores (_). Names can't begin with a dash.

HTTP method and URL: 

POST https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID

Request JSON body: 

{"format": "UNFORMATTED"}

To send your request, choose one of these options:

curl

Save the request body in a file named request.json, and execute the following command: 

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID"

PowerShell

Save the request body in a file named request.json, and execute the following command: 

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://parametermanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/parameters?parameter_id=PARAMETER_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{
  "name": "projects/production-1/locations/europe-west1/parameters/allowed_ip_ranges",
  "createTime": "2024-11-08T08:33:05.255559134Z",
  "updateTime": "2024-11-08T08:33:05.255559134Z",
  "format": "UNFORMATTED",
  "policyMember": {
    "iamPolicyUidPrincipal": "principal://parametermanager.googleapis.com/projects/609765466568/uid/locations/europe-west1/parameters/a7787f0d-b033-4f7e-aec0-e8ca4d0b1476"
  }
}

Python

To run this code, first set up a Python development environment and install the Secret Manager Python SDK. On Compute Engine or GKE, you must authenticate with the cloud-platform scope. 

def create_regional_param(
    project_id: str, location_id: str, parameter_id: str
) -> parametermanager_v1.Parameter:
    """
    Creates a regional parameter with default format (Unformatted)
    in the specified location and
    project using the Google Cloud Parameter Manager SDK.

    Args:
        project_id (str): The ID of the project where
        the parameter is to be created.
        location_id (str): The region where the parameter is to be created.
        parameter_id (str): The ID to assign to the new parameter.
        This ID must be unique within the project.

    Returns:
        parametermanager_v1.Parameter: An object representing
        the newly created parameter.

    Example:
        create_regional_param(
            "my-project",
            "us-central1",
            "my-regional-parameter"
        )
    """

    # Import the Parameter Manager client library.
    from google.cloud import parametermanager_v1

    api_endpoint = f"parametermanager.{location_id}.rep.googleapis.com"
    # Create the Parameter Manager client for the specified region.
    client = parametermanager_v1.ParameterManagerClient(
        client_options={"api_endpoint": api_endpoint}
    )

    # Build the resource name of the parent project for the specified region.
    parent = client.common_location_path(project_id, location_id)

    # Define the parameter creation request.
    request = parametermanager_v1.CreateParameterRequest(
        parent=parent,
        parameter_id=parameter_id,
    )

    # Create the parameter.
    response = client.create_parameter(request=request)

    # Print the newly created parameter name.
    print(f"Created regional parameter: {response.name}")

Built-in identities for parameters

Parameters are resource types with built-in identities. This means that each parameter has a unique identifier that distinguishes it from all other resources in your Google Cloud project. This unique identifier is automatically generated when you create a parameter and stored in the iamPolicyUidPrincipal field of the parameter resource.

You can grant roles to the parameter by including the resource's principal identifier in your allow policies when you want the parameter to access Secret Manager resources. For more information, see Built-in identities for resources.

What's next