Set up Pub/Sub notifications
Stay organized with collections Save and categorize content based on your preferences.

This document describes how to set up notifications for updates to parameters and parameter versions.

Parameter Manager integrates with Pub/Sub to provide event notifications for changes to both parameters and parameter versions. You can use these notifications to initiate workflows, such as restarting an application when a new parameter version is added, or notifying security engineers when a parameter is deleted. For more information on how to use these notifications to start workflows, see the Pub/Sub documentation.

Before you begin

To set up Parameter Manager, complete the following:
- Create or use an existing project to hold your Parameter Manager resources.
- If necessary, complete the steps mentioned in the Prepare your environment page.
To set up Pub/Sub, complete the following:
- Create or use an existing project to hold your Pub/Sub resources.
- If necessary, enable the Pub/Sub API.
Authenticate to Google Cloud using the following command:
```
    $ gcloud auth login --update-adc
    
```

Create Pub/Sub topics

Follow the Pub/Sub quickstart to create topics in your Pub/Sub project in the Google Cloud console. Alternatively, create topics in the Google Cloud CLI using the following command:

gcloud

Before using any of the command data below, make the following replacements:

PUBSUB_PROJECT_ID: the ID of the project in which to create subscriptions
PUBSUB_TOPIC_NAME: the name of the topic

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud pubsub topics create "projects/PUBSUB_PROJECT_ID/topics/PUBSUB_TOPIC_NAME"

Windows (PowerShell)

gcloud pubsub topics create "projects/PUBSUB_PROJECT_ID/topics/PUBSUB_TOPIC_NAME"

Windows (cmd.exe)

gcloud pubsub topics create "projects/PUBSUB_PROJECT_ID/topics/PUBSUB_TOPIC_NAME"

Retain the option to add a default subscription. Don't select any other option.

Create a sink to route log entries

Configure Cloud Logging to route log entries to your Pub/Sub topic in the project where the log entries originate. To do this, follow these steps:

In the Google Cloud console, go to the Log Router page.
If you use the search bar, select the result with the subheading Logging.
Click Create Sink, enter a name and description, and then click Next.
In the Sink Service menu, select Cloud Pub/Sub topic. Select your Pub/Sub topic, and then click Next.
Select the log entries to include in the sink, and click Next.
Optional: Select log entries to exclude.
Click Create Sink. A dialog appears with the message Sink created confirming the successful creation and permissions for routing matching log entries.
Grant the Pub/Sub Publisher role (roles/pubsub.publisher) to the sink's writer identity. Refer to Set destination permissions for details on obtaining the writer identity and granting roles.

Cloud Logging now sends log entries to your Pub/Sub topic.

Check logs published to Pub/Sub topic

Log entries are generated whenever you perform the following operations:

Create a new parameter or parameter version within Parameter Manager.
Retrieve the details of a specific parameter or parameter version using its identifier.
List all parameters or parameter versions within a specified project.
Modify an existing parameter or parameter version.
Remove a parameter or parameter version.

To view log entries published to your Pub/Sub topic:

Open the subscriber for your topic.
Click Pull messages. The resulting list shows the log entries that match the filter criteria defined in your log sink.