From c62c1e332689aa8d071f42cf23a28aec5701fd3e Mon Sep 17 00:00:00 2001
From: durgesh-ninave-crest <durgesh.ninave@crestdata.ai>
Date: Mon, 21 Jul 2025 20:00:40 +0530
Subject: [PATCH 1/3] chore(secretmanager): Added code samples for delayed
 destroy

---
 ...e_regional_secret_with_delayed_destroy.php | 72 +++++++++++++++++
 .../create_secret_with_delayed_destroy.php    | 73 +++++++++++++++++
 ...isable_regional_secret_delayed_destroy.php | 75 +++++++++++++++++
 .../src/disable_secret_delayed_destroy.php    | 71 ++++++++++++++++
 ...e_regional_secret_with_delayed_destroy.php | 80 +++++++++++++++++++
 .../update_secret_with_delayed_destroy.php    | 76 ++++++++++++++++++
 .../test/regionalsecretmanagerTest.php        | 45 +++++++++++
 secretmanager/test/secretmanagerTest.php      | 42 ++++++++++
 8 files changed, 534 insertions(+)
 create mode 100644 secretmanager/src/create_regional_secret_with_delayed_destroy.php
 create mode 100644 secretmanager/src/create_secret_with_delayed_destroy.php
 create mode 100644 secretmanager/src/disable_regional_secret_delayed_destroy.php
 create mode 100644 secretmanager/src/disable_secret_delayed_destroy.php
 create mode 100644 secretmanager/src/update_regional_secret_with_delayed_destroy.php
 create mode 100644 secretmanager/src/update_secret_with_delayed_destroy.php

diff --git a/secretmanager/src/create_regional_secret_with_delayed_destroy.php b/secretmanager/src/create_regional_secret_with_delayed_destroy.php
new file mode 100644
index 000000000..7ebd4606a
--- /dev/null
+++ b/secretmanager/src/create_regional_secret_with_delayed_destroy.php
@@ -0,0 +1,72 @@
+<?php
+/*
+ * Copyright 2025 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_create_regional_secret_with_delayed_destroy]
+// Import the Secret Manager client library.
+use Google\Cloud\SecretManager\V1\CreateSecretRequest;
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Protobuf\Duration;
+
+/**
+ * @param string $projectId      Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $locationId     Your Google Cloud Location ID (e.g. 'us-central1')
+ * @param string $secretId       Your secret ID (e.g. 'my-secret')
+ * @param int $versionDestroyTtl Your Version Destroy Ttl (e.g. 86400)
+ */
+function create_regional_secret_with_delayed_destroy(string $projectId, string $locationId, string $secretId, int $versionDestroyTtl): void
+{
+    // Specify regional endpoint.
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient($options);
+
+    // Build the resource name of the parent project.
+    $parent = $client->locationName($projectId, $locationId);
+
+    // Build the secret.
+    $secret = new Secret([
+        'version_destroy_ttl' => new Duration([
+            'seconds' => $versionDestroyTtl
+        ])
+    ]);
+
+    // Build the request.
+    $request = CreateSecretRequest::build($parent, $secretId, $secret);
+
+    // Create the secret.
+    $newSecret = $client->createSecret($request);
+
+    // Print the new secret name.
+    printf('Created secret: %s', $newSecret->getName());
+}
+// [END secretmanager_create_regional_secret_with_delayed_destroy]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/create_secret_with_delayed_destroy.php b/secretmanager/src/create_secret_with_delayed_destroy.php
new file mode 100644
index 000000000..a7e40764d
--- /dev/null
+++ b/secretmanager/src/create_secret_with_delayed_destroy.php
@@ -0,0 +1,73 @@
+<?php
+/*
+ * Copyright 2025 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_create_secret_with_delayed_destroy]
+// Import the Secret Manager client library.
+use Google\Cloud\SecretManager\V1\CreateSecretRequest;
+use Google\Cloud\SecretManager\V1\Replication;
+use Google\Cloud\SecretManager\V1\Replication\Automatic;
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Protobuf\Duration;
+
+/**
+ * @param string $projectId      Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId       Your secret ID (e.g. 'my-secret')
+ * @param int $versionDestroyTtl Your Version Destroy Ttl (e.g. 86400)
+ */
+function create_secret_with_delayed_destroy(string $projectId, string $secretId, int $versionDestroyTtl): void
+{
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient();
+
+    // Build the resource name of the parent project.
+    $parent = $client->projectName($projectId);
+
+    // Build the secret.
+    $secret = new Secret([
+        'replication' => new Replication([
+            'automatic' => new Automatic(),
+        ]),
+        'version_destroy_ttl' => new Duration([
+            'seconds' => $versionDestroyTtl
+        ])
+    ]);
+
+    // Build the request.
+    $request = CreateSecretRequest::build($parent, $secretId, $secret);
+
+    // Create the secret.
+    $newSecret = $client->createSecret($request);
+
+    // Print the new secret name.
+    printf('Created secret: %s', $newSecret->getName());
+}
+// [END secretmanager_create_secret_with_delayed_destroy]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/disable_regional_secret_delayed_destroy.php b/secretmanager/src/disable_regional_secret_delayed_destroy.php
new file mode 100644
index 000000000..d6ed2dc52
--- /dev/null
+++ b/secretmanager/src/disable_regional_secret_delayed_destroy.php
@@ -0,0 +1,75 @@
+<?php
+/*
+ * Copyright 2025 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_disable_regional_secret_delayed_destroy]
+// Import the Secret Manager client library.
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Protobuf\FieldMask;
+
+/**
+ * @param string $projectId  Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $locationId Your Google Cloud Location ID (e.g. 'us-central1')
+ * @param string $secretId   Your secret ID (e.g. 'my-secret')
+ */
+function disable_regional_secret_delayed_destroy(string $projectId, string $locationId, string $secretId): void
+{
+    // Specify regional endpoint.
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient($options);
+
+    // Build the resource name of the secret.
+    $name = $client->projectLocationSecretName($projectId, $locationId, $secretId);
+
+    // Build the secret.
+    $secret = new Secret([
+        'name' => $name,
+    ]);
+
+    // Set the field mask.
+    $fieldMask = new FieldMask();
+    $fieldMask->setPaths(['version_destroy_ttl']);
+
+    // Build the request.
+    $request = new UpdateSecretRequest();
+    $request->setSecret($secret);
+    $request->setUpdateMask($fieldMask);
+
+    // Update the secret.
+    $newSecret = $client->updateSecret($request);
+
+    // Print the new secret name.
+    printf('Updated secret: %s', $newSecret->getName());
+}
+// [END secretmanager_disable_regional_secret_delayed_destroy]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/disable_secret_delayed_destroy.php b/secretmanager/src/disable_secret_delayed_destroy.php
new file mode 100644
index 000000000..2e01612a9
--- /dev/null
+++ b/secretmanager/src/disable_secret_delayed_destroy.php
@@ -0,0 +1,71 @@
+<?php
+/*
+ * Copyright 2025 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_disable_secret_delayed_destroy]
+// Import the Secret Manager client library.
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Protobuf\FieldMask;
+
+/**
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ */
+function disable_secret_delayed_destroy(string $projectId, string $secretId): void
+{
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient();
+
+    // Build the resource name of the secret.
+    $name = $client->secretName($projectId, $secretId);
+
+    // Build the secret.
+    $secret = new Secret([
+        'name' => $name
+    ]);
+
+    // Set the field mask.
+    $fieldMask = new FieldMask();
+    $fieldMask->setPaths(['version_destroy_ttl']);
+
+    // Build the request.
+    $request = new UpdateSecretRequest();
+    $request->setSecret($secret);
+    $request->setUpdateMask($fieldMask);
+
+    // Update the secret.
+    $newSecret = $client->updateSecret($request);
+
+    // Print the new secret name.
+    printf('Updated secret: %s', $newSecret->getName());
+}
+// [END secretmanager_disable_secret_delayed_destroy]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/update_regional_secret_with_delayed_destroy.php b/secretmanager/src/update_regional_secret_with_delayed_destroy.php
new file mode 100644
index 000000000..64177cbca
--- /dev/null
+++ b/secretmanager/src/update_regional_secret_with_delayed_destroy.php
@@ -0,0 +1,80 @@
+<?php
+/*
+ * Copyright 2025 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_update_regional_secret_with_delayed_destroy]
+// Import the Secret Manager client library.
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Protobuf\Duration;
+use Google\Protobuf\FieldMask;
+
+/**
+ * @param string $projectId      Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $locationId     Your Google Cloud Location ID (e.g. 'us-central1')
+ * @param string $secretId       Your secret ID (e.g. 'my-secret')
+ * @param int $versionDestroyTtl Your Version Destroy Ttl (e.g. 86400)
+ */
+function update_regional_secret_with_delayed_destroy(string $projectId, string $locationId, string $secretId, string $versionDestroyTtl): void
+{
+    // Specify regional endpoint.
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient($options);
+
+    // Build the resource name of the secret.
+    $name = $client->projectLocationSecretName($projectId, $locationId, $secretId);
+
+    // Build the secret.
+    $secret = new Secret([
+        'name' => $name,
+        'version_destroy_ttl' => new Duration([
+            'seconds' => $versionDestroyTtl,
+        ])
+    ]);
+
+    // Set the field mask.
+    $fieldMask = new FieldMask();
+    $fieldMask->setPaths(['version_destroy_ttl']);
+
+    // Build the request.
+    $request = new UpdateSecretRequest();
+    $request->setSecret($secret);
+    $request->setUpdateMask($fieldMask);
+
+    // Update the secret.
+    $newSecret = $client->updateSecret($request);
+
+    // Print the new secret name.
+    printf('Updated secret: %s', $newSecret->getName());
+}
+// [END secretmanager_update_regional_secret_with_delayed_destroy]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/update_secret_with_delayed_destroy.php b/secretmanager/src/update_secret_with_delayed_destroy.php
new file mode 100644
index 000000000..ed9e6097c
--- /dev/null
+++ b/secretmanager/src/update_secret_with_delayed_destroy.php
@@ -0,0 +1,76 @@
+<?php
+/*
+ * Copyright 2025 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_update_secret_with_delayed_destroy]
+// Import the Secret Manager client library.
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Protobuf\Duration;
+use Google\Protobuf\FieldMask;
+
+/**
+ * @param string $projectId      Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId       Your secret ID (e.g. 'my-secret')
+ * @param int $versionDestroyTtl Your Version Destroy Ttl (e.g. 86400)
+ */
+function update_secret_with_delayed_destroy(string $projectId, string $secretId, string $versionDestroyTtl): void
+{
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient();
+
+    // Build the resource name of the secret.
+    $name = $client->secretName($projectId, $secretId);
+
+    // Build the secret.
+    $secret = new Secret([
+        'name' => $name,
+        'version_destroy_ttl' => new Duration([
+            'seconds' => $versionDestroyTtl,
+        ])
+    ]);
+
+    // Set the field mask.
+    $fieldMask = new FieldMask();
+    $fieldMask->setPaths(['version_destroy_ttl']);
+
+    // Build the request.
+    $request = new UpdateSecretRequest();
+    $request->setSecret($secret);
+    $request->setUpdateMask($fieldMask);
+
+    // Update the secret.
+    $newSecret = $client->updateSecret($request);
+
+    // Print the new secret name.
+    printf('Updated secret: %s', $newSecret->getName());
+}
+// [END secretmanager_update_secret_with_delayed_destroy]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php
index 01d5c7b48..ff37a9deb 100644
--- a/secretmanager/test/regionalsecretmanagerTest.php
+++ b/secretmanager/test/regionalsecretmanagerTest.php
@@ -59,6 +59,7 @@ class regionalsecretmanagerTest extends TestCase
     private static $testSecretBindTagToCreateName;
     private static $testSecretWithLabelsToCreateName;
     private static $testSecretWithAnnotationsToCreateName;
+    private static $testSecretWithDelayedDestroyToCreateName;
 
     private static $iamUser = 'user:kapishsingh@google.com';
     private static $locationId = 'us-central1';
@@ -68,6 +69,7 @@ class regionalsecretmanagerTest extends TestCase
     private static $testAnnotationKey = 'test-annotation-key';
     private static $testAnnotationValue = 'test-annotation-value';
     private static $testUpdatedAnnotationValue = 'test-annotation-new-value';
+    private static $testDelayedDestroyTime = 86400;
 
     private static $testTagKey;
     private static $testTagValue;
@@ -91,6 +93,7 @@ public static function setUpBeforeClass(): void
         self::$testSecretBindTagToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
         self::$testSecretWithLabelsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
         self::$testSecretWithAnnotationsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
+        self::$testSecretWithDelayedDestroyToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
         self::disableSecretVersion(self::$testSecretVersionToEnable);
 
         self::$testTagKey = self::createTagKey(self::randomSecretId());
@@ -110,6 +113,7 @@ public static function tearDownAfterClass(): void
         self::deleteSecret(self::$testSecretBindTagToCreateName);
         self::deleteSecret(self::$testSecretWithLabelsToCreateName);
         self::deleteSecret(self::$testSecretWithAnnotationsToCreateName);
+        self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName);
         sleep(15); // Added a sleep to wait for the tag unbinding
         self::deleteTagValue();
         self::deleteTagKey();
@@ -588,4 +592,45 @@ public function testDeleteSecretAnnotation()
 
         $this->assertStringContainsString('Updated secret', $output);
     }
+
+    public function testCreateSecretWithDelayedDestroyed()
+    {
+        $name = self::$client->parseName(self::$testSecretWithDelayedDestroyToCreateName);
+
+        $output = $this->runFunctionSnippet('create_regional_secret_with_delayed_destroy', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+            self::$testDelayedDestroyTime
+        ]);
+
+        $this->assertStringContainsString('Created secret', $output);
+    }
+
+    public function testDisableSecretDelayedDestroy()
+    {
+        $name = self::$client->parseName(self::$testSecretWithDelayedDestroyToCreateName);
+
+        $output = $this->runFunctionSnippet('disable_regional_secret_delayed_destroy', [
+            $name['project'],
+            $name['location'],
+            $name['secret']
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
+
+    public function testUpdateSecretWithDelayedDestroyed()
+    {
+        $name = self::$client->parseName(self::$testSecretWithDelayedDestroyToCreateName);
+
+        $output = $this->runFunctionSnippet('update_regional_secret_with_delayed_destroy', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+            self::$testDelayedDestroyTime
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
 }
diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php
index a67d8cfa7..2c57c616f 100644
--- a/secretmanager/test/secretmanagerTest.php
+++ b/secretmanager/test/secretmanagerTest.php
@@ -62,6 +62,7 @@ class secretmanagerTest extends TestCase
     private static $testSecretBindTagToCreateName;
     private static $testSecretWithLabelsToCreateName;
     private static $testSecretWithAnnotationsToCreateName;
+    private static $testSecretWithDelayedDestroyToCreateName;
 
     private static $iamUser = 'user:sethvargo@google.com';
     private static $testLabelKey = 'test-label-key';
@@ -70,6 +71,7 @@ class secretmanagerTest extends TestCase
     private static $testAnnotationKey = 'test-annotation-key';
     private static $testAnnotationValue = 'test-annotation-value';
     private static $testUpdatedAnnotationValue = 'test-annotation-new-value';
+    private static $testDelayedDestroyTime = 86400;
 
     private static $testTagKey;
     private static $testTagValue;
@@ -89,6 +91,7 @@ public static function setUpBeforeClass(): void
         self::$testSecretBindTagToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId());
         self::$testSecretWithLabelsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId());
         self::$testSecretWithAnnotationsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId());
+        self::$testSecretWithDelayedDestroyToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId());
 
         self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions);
         self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions);
@@ -111,6 +114,7 @@ public static function tearDownAfterClass(): void
         self::deleteSecret(self::$testSecretBindTagToCreateName);
         self::deleteSecret(self::$testSecretWithLabelsToCreateName);
         self::deleteSecret(self::$testSecretWithAnnotationsToCreateName);
+        self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName);
         sleep(15); // Added a sleep to wait for the tag unbinding
         self::deleteTagValue();
         self::deleteTagKey();
@@ -582,4 +586,42 @@ public function testDeleteSecretAnnotation()
 
         $this->assertStringContainsString('Updated secret', $output);
     }
+
+    public function testCreateSecretWithDelayedDestroyed()
+    {
+        $name = self::$client->parseName(self::$testSecretWithDelayedDestroyToCreateName);
+
+        $output = $this->runFunctionSnippet('create_secret_with_delayed_destroy', [
+            $name['project'],
+            $name['secret'],
+            self::$testDelayedDestroyTime
+        ]);
+
+        $this->assertStringContainsString('Created secret', $output);
+    }
+
+    public function testDisableSecretDelayedDestroy()
+    {
+        $name = self::$client->parseName(self::$testSecretWithDelayedDestroyToCreateName);
+
+        $output = $this->runFunctionSnippet('disable_secret_delayed_destroy', [
+            $name['project'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
+
+    public function testUpdateSecretWithDelayedDestroyed()
+    {
+        $name = self::$client->parseName(self::$testSecretWithDelayedDestroyToCreateName);
+
+        $output = $this->runFunctionSnippet('update_secret_with_delayed_destroy', [
+            $name['project'],
+            $name['secret'],
+            self::$testDelayedDestroyTime
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
 }

From 64cd746308e9ca928fd945579671f6a2aefea3b0 Mon Sep 17 00:00:00 2001
From: durgesh-ninave-crest <durgesh.ninave@crestdata.ai>
Date: Tue, 22 Jul 2025 11:50:01 +0530
Subject: [PATCH 2/3] chore(secretmanager): Update argument type

---
 .../src/update_regional_secret_with_delayed_destroy.php         | 2 +-
 secretmanager/src/update_secret_with_delayed_destroy.php        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/secretmanager/src/update_regional_secret_with_delayed_destroy.php b/secretmanager/src/update_regional_secret_with_delayed_destroy.php
index 64177cbca..98e0d114e 100644
--- a/secretmanager/src/update_regional_secret_with_delayed_destroy.php
+++ b/secretmanager/src/update_regional_secret_with_delayed_destroy.php
@@ -39,7 +39,7 @@
  * @param string $secretId       Your secret ID (e.g. 'my-secret')
  * @param int $versionDestroyTtl Your Version Destroy Ttl (e.g. 86400)
  */
-function update_regional_secret_with_delayed_destroy(string $projectId, string $locationId, string $secretId, string $versionDestroyTtl): void
+function update_regional_secret_with_delayed_destroy(string $projectId, string $locationId, string $secretId, int $versionDestroyTtl): void
 {
     // Specify regional endpoint.
     $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
diff --git a/secretmanager/src/update_secret_with_delayed_destroy.php b/secretmanager/src/update_secret_with_delayed_destroy.php
index ed9e6097c..b487ff955 100644
--- a/secretmanager/src/update_secret_with_delayed_destroy.php
+++ b/secretmanager/src/update_secret_with_delayed_destroy.php
@@ -38,7 +38,7 @@
  * @param string $secretId       Your secret ID (e.g. 'my-secret')
  * @param int $versionDestroyTtl Your Version Destroy Ttl (e.g. 86400)
  */
-function update_secret_with_delayed_destroy(string $projectId, string $secretId, string $versionDestroyTtl): void
+function update_secret_with_delayed_destroy(string $projectId, string $secretId, int $versionDestroyTtl): void
 {
     // Create the Secret Manager client.
     $client = new SecretManagerServiceClient();

From d6936a7b6593a271151bd44f4aa01c74ce35d39b Mon Sep 17 00:00:00 2001
From: durgesh-ninave-crest <durgesh.ninave@crestdata.ai>
Date: Fri, 25 Jul 2025 17:04:59 +0530
Subject: [PATCH 3/3] chore(secretmanager): Updated test assertions

---
 .../test/regionalsecretmanagerTest.php         | 16 ++++++++++++++++
 secretmanager/test/secretmanagerTest.php       | 18 ++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php
index ff37a9deb..18c9c97ac 100644
--- a/secretmanager/test/regionalsecretmanagerTest.php
+++ b/secretmanager/test/regionalsecretmanagerTest.php
@@ -33,6 +33,7 @@
 use Google\Cloud\SecretManager\V1\CreateSecretRequest;
 use Google\Cloud\SecretManager\V1\DeleteSecretRequest;
 use Google\Cloud\SecretManager\V1\DisableSecretVersionRequest;
+use Google\Cloud\SecretManager\V1\GetSecretRequest;
 use Google\Cloud\SecretManager\V1\Secret;
 use Google\Cloud\SecretManager\V1\SecretPayload;
 use Google\Cloud\SecretManager\V1\SecretVersion;
@@ -166,6 +167,13 @@ private static function deleteSecret(string $name)
         }
     }
 
+    private static function getSecret(string $projectId, string $locationId, string $secretId): Secret
+    {
+        $name = self::$client->projectLocationSecretName($projectId, $locationId, $secretId);
+        $getSecretRequest = (new GetSecretRequest())->setName($name);
+        return self::$client->getSecret($getSecretRequest);
+    }
+
     private static function createTagKey(string $short_name): string
     {
         $parent = self::$client->projectName(self::$projectId);
@@ -605,6 +613,9 @@ public function testCreateSecretWithDelayedDestroyed()
         ]);
 
         $this->assertStringContainsString('Created secret', $output);
+
+        $secret = self::getSecret($name['project'], $name['location'], $name['secret']);
+        $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds());
     }
 
     public function testDisableSecretDelayedDestroy()
@@ -618,6 +629,9 @@ public function testDisableSecretDelayedDestroy()
         ]);
 
         $this->assertStringContainsString('Updated secret', $output);
+
+        $secret = self::getSecret($name['project'], $name['location'], $name['secret']);
+        $this->assertNull($secret->getVersionDestroyTtl());
     }
 
     public function testUpdateSecretWithDelayedDestroyed()
@@ -632,5 +646,7 @@ public function testUpdateSecretWithDelayedDestroyed()
         ]);
 
         $this->assertStringContainsString('Updated secret', $output);
+        $secret = self::getSecret($name['project'], $name['location'], $name['secret']);
+        $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds());
     }
 }
diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php
index 2c57c616f..11b9dd3bd 100644
--- a/secretmanager/test/secretmanagerTest.php
+++ b/secretmanager/test/secretmanagerTest.php
@@ -33,6 +33,7 @@
 use Google\Cloud\SecretManager\V1\CreateSecretRequest;
 use Google\Cloud\SecretManager\V1\DeleteSecretRequest;
 use Google\Cloud\SecretManager\V1\DisableSecretVersionRequest;
+use Google\Cloud\SecretManager\V1\GetSecretRequest;
 use Google\Cloud\SecretManager\V1\Replication;
 use Google\Cloud\SecretManager\V1\Replication\Automatic;
 use Google\Cloud\SecretManager\V1\Secret;
@@ -171,6 +172,14 @@ private static function deleteSecret(string $name)
         }
     }
 
+    private static function getSecret(string $projectId, string $secretId): Secret
+    {
+        $name = self::$client->secretName($projectId, $secretId);
+        $getSecretRequest = (new GetSecretRequest())
+            ->setName($name);
+        return self::$client->getSecret($getSecretRequest);
+    }
+
     private static function createTagKey(string $short_name): string
     {
         $parent = self::$client->projectName(self::$projectId);
@@ -598,6 +607,9 @@ public function testCreateSecretWithDelayedDestroyed()
         ]);
 
         $this->assertStringContainsString('Created secret', $output);
+
+        $secret = self::getSecret($name['project'], $name['secret']);
+        $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds());
     }
 
     public function testDisableSecretDelayedDestroy()
@@ -610,6 +622,9 @@ public function testDisableSecretDelayedDestroy()
         ]);
 
         $this->assertStringContainsString('Updated secret', $output);
+
+        $secret = self::getSecret($name['project'], $name['secret']);
+        $this->assertNull($secret->getVersionDestroyTtl());
     }
 
     public function testUpdateSecretWithDelayedDestroyed()
@@ -623,5 +638,8 @@ public function testUpdateSecretWithDelayedDestroyed()
         ]);
 
         $this->assertStringContainsString('Updated secret', $output);
+
+        $secret = self::getSecret($name['project'], $name['secret']);
+        $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds());
     }
 }