diff --git a/secretmanager/src/create_regional_secret_with_expiration.php b/secretmanager/src/create_regional_secret_with_expiration.php
new file mode 100644
index 0000000000..241698d6f9
--- /dev/null
+++ b/secretmanager/src/create_regional_secret_with_expiration.php
@@ -0,0 +1,69 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_create_regional_secret_with_expiration]
+use Google\Cloud\SecretManager\V1\CreateSecretRequest;
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Protobuf\Duration;
+
+/**
+ * Create a regional secret with expiration TTL.
+ *
+ * @param string $projectId Google Cloud project id (e.g. 'my-project')
+ * @param string $locationId Secret location (e.g. 'us-central1')
+ * @param string $secretId Id for the new secret (e.g. 'my-secret')
+ */
+function create_regional_secret_with_expiration(string $projectId, string $locationId, string $secretId): void
+{
+    // Create the Secret Manager Regional client.
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    // Build the resource name of the parent project.
+    $parent = $client->locationName($projectId, $locationId);
+
+    $duration = new Duration();
+    $duration->setSeconds(3600); // 1 hour TTL in seconds
+
+    $secret = new Secret();
+    $secret->setTtl($duration);
+
+    // Build the request.
+    $request = CreateSecretRequest::build($parent, $secretId, $secret);
+
+    // Create the secret.
+    $newSecret = $client->createSecret($request);
+
+    // Print the new secret name.
+    printf('Created secret: %s%s', $newSecret->getName(), PHP_EOL);
+}
+// [END secretmanager_create_regional_secret_with_expiration]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/create_secret_with_expiration.php b/secretmanager/src/create_secret_with_expiration.php
new file mode 100644
index 0000000000..0a12dd7a02
--- /dev/null
+++ b/secretmanager/src/create_secret_with_expiration.php
@@ -0,0 +1,74 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_create_secret_with_expiration]
+use Google\Cloud\SecretManager\V1\CreateSecretRequest;
+use Google\Cloud\SecretManager\V1\Replication;
+use Google\Cloud\SecretManager\V1\Replication\Automatic;
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Protobuf\Duration;
+
+/**
+ * Create a secret with expiration TTL.
+ * 
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ */
+function create_secret_with_expiration(string $projectId, string $secretId): void
+{
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient();
+
+    // Build the resource name of the parent project.
+    $parent = $client->projectName($projectId);
+
+    $secret = new Secret([
+        'replication' => new Replication([
+            'automatic' => new Automatic(),
+        ]),
+    ]);
+
+    $duration = new Duration();
+    $duration->setSeconds(3600); // 1 hour TTL in seconds
+
+    $secret->setTtl($duration);
+
+    // Build the request.
+    $request = CreateSecretRequest::build($parent, $secretId, $secret);
+
+    // Create the secret.
+    $newSecret = $client->createSecret($request);
+
+    // Print the new secret name.
+    printf('Created secret: %s%s', $newSecret->getName(), PHP_EOL);
+}
+// [END secretmanager_create_secret_with_expiration]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/delete_regional_secret_expiration.php b/secretmanager/src/delete_regional_secret_expiration.php
new file mode 100644
index 0000000000..d07339c04d
--- /dev/null
+++ b/secretmanager/src/delete_regional_secret_expiration.php
@@ -0,0 +1,74 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_delete_regional_secret_expiration]
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Protobuf\FieldMask;
+
+/**
+ * Delete the expiration TTL from a regional secret.
+ *
+ * @param string $projectId Google Cloud project id (e.g. 'my-project')
+ * @param string $locationId Secret location (e.g. 'us-central1')
+ * @param string $secretId  Secret id (e.g. 'my-secret')
+ */
+function delete_regional_secret_expiration(string $projectId, string $locationId, string $secretId): void
+{
+    // Create the Secret Manager client.
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    // Build the resource name of the secret.
+    $name = $client->projectLocationSecretName($projectId, $locationId, $secretId);
+
+    // Build the secret with only the name — leaving ttl unset clears it when used with an update mask.
+    $secret = new Secret([
+        'name' => $name,
+    ]);
+
+    // Set the field mask to clear the ttl field.
+    $fieldMask = new FieldMask();
+    $fieldMask->setPaths(['ttl']);
+
+    // Build the request.
+    $request = new UpdateSecretRequest();
+    $request->setSecret($secret);
+    $request->setUpdateMask($fieldMask);
+
+    // Update the secret.
+    $newSecret = $client->updateSecret($request);
+
+    // Print the new secret name.
+    printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL);
+}
+// [END secretmanager_delete_regional_secret_expiration]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/delete_regional_secret_using_etag.php b/secretmanager/src/delete_regional_secret_using_etag.php
new file mode 100644
index 0000000000..fb3a8c4b84
--- /dev/null
+++ b/secretmanager/src/delete_regional_secret_using_etag.php
@@ -0,0 +1,67 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_delete_regional_secret_using_etag]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\GetSecretRequest;
+use Google\Cloud\SecretManager\V1\DeleteSecretRequest;
+
+/**
+ * Delete a regional secret using a stored etag (optimistic concurrency).
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $locationId Secret location (e.g. 'us-central1')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ */
+function delete_regional_secret_using_etag(string $projectId, string $locationId, string $secretId): void
+{
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    $name = $client->projectLocationSecretName($projectId, $locationId, $secretId);
+
+    // Get the current secret to read the etag.
+    $getRequest = GetSecretRequest::build($name);
+    $current = $client->getSecret($getRequest);
+
+    $etag = $current->getEtag();
+
+    // Build the delete request with the etag.
+    $deleteRequest = (new DeleteSecretRequest())
+        ->setName($name)
+        ->setEtag($etag);
+
+    // Delete the secret.
+    $client->deleteSecret($deleteRequest);
+
+    printf('Deleted secret %s' . PHP_EOL, $secretId);
+}
+// [END secretmanager_delete_regional_secret_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/delete_secret_expiration.php b/secretmanager/src/delete_secret_expiration.php
new file mode 100644
index 0000000000..18be08d38b
--- /dev/null
+++ b/secretmanager/src/delete_secret_expiration.php
@@ -0,0 +1,72 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_delete_secret_expiration]
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Protobuf\FieldMask;
+
+/**
+ * Delete the TTL (expiration) from a secret.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ */
+function delete_secret_expiration(string $projectId, string $secretId): void
+{
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient();
+
+    // Build the resource name of the secret.
+    $name = $client->secretName($projectId, $secretId);
+
+    // Build the secret with only the name — leaving ttl unset clears it when used with an update mask.
+    $secret = new Secret([
+        'name' => $name,
+    ]);
+
+    // Set the field mask to clear the ttl field.
+    $fieldMask = new FieldMask();
+    $fieldMask->setPaths(['ttl']);
+
+    // Build the request.
+    $request = new UpdateSecretRequest();
+    $request->setSecret($secret);
+    $request->setUpdateMask($fieldMask);
+
+    // Update the secret.
+    $newSecret = $client->updateSecret($request);
+
+    // Print the new secret name.
+    printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL);
+}
+// [END secretmanager_delete_secret_expiration]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/delete_secret_using_etag.php b/secretmanager/src/delete_secret_using_etag.php
new file mode 100644
index 0000000000..2f845625cf
--- /dev/null
+++ b/secretmanager/src/delete_secret_using_etag.php
@@ -0,0 +1,65 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_delete_secret_using_etag]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\GetSecretRequest;
+use Google\Cloud\SecretManager\V1\DeleteSecretRequest;
+
+/**
+ * Delete a secret using a stored etag (optimistic concurrency).
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ */
+function delete_secret_using_etag(string $projectId, string $secretId): void
+{
+    $client = new SecretManagerServiceClient();
+
+    $name = $client->secretName($projectId, $secretId);
+
+    // Get the current secret to read the etag.
+    $getRequest = GetSecretRequest::build($name);
+    $current = $client->getSecret($getRequest);
+
+    $etag = $current->getEtag();
+
+    // Build the delete request with the etag.
+    $deleteRequest = (new DeleteSecretRequest())
+        ->setName($name)
+        ->setEtag($etag);
+
+    // Delete the secret.
+    $client->deleteSecret($deleteRequest);
+
+    printf('Deleted secret %s' . PHP_EOL, $secretId);
+}
+// [END secretmanager_delete_secret_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/destroy_regional_secret_version_using_etag.php b/secretmanager/src/destroy_regional_secret_version_using_etag.php
new file mode 100644
index 0000000000..457490e72e
--- /dev/null
+++ b/secretmanager/src/destroy_regional_secret_version_using_etag.php
@@ -0,0 +1,63 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_destroy_regional_secret_version_using_etag]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\GetSecretVersionRequest;
+use Google\Cloud\SecretManager\V1\DestroySecretVersionRequest;
+
+/**
+ * Destroy a regional secret version using a stored etag.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $locationId Secret location (e.g. 'us-central1')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ * @param string $versionId Your version ID (e.g. 'latest' or '5')
+ */
+function destroy_regional_secret_version_using_etag(string $projectId, string $locationId, string $secretId, string $versionId): void
+{
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId);
+
+    // Read current etag for the version.
+    $getRequest = GetSecretVersionRequest::build($name);
+    $current = $client->getSecretVersion($getRequest);
+    $etag = $current->getEtag();
+
+    $request = DestroySecretVersionRequest::build($name)->setEtag($etag);
+
+    $response = $client->destroySecretVersion($request);
+
+    printf('Destroyed secret version: %s' . PHP_EOL, $response->getName());
+}
+// [END secretmanager_destroy_regional_secret_version_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/destroy_secret_version_using_etag.php b/secretmanager/src/destroy_secret_version_using_etag.php
new file mode 100644
index 0000000000..a8b31d3230
--- /dev/null
+++ b/secretmanager/src/destroy_secret_version_using_etag.php
@@ -0,0 +1,61 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_destroy_secret_version_using_etag]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\GetSecretVersionRequest;
+use Google\Cloud\SecretManager\V1\DestroySecretVersionRequest;
+
+/**
+ * Destroy a secret version using a stored etag.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ * @param string $versionId Your version ID (e.g. 'latest' or '5')
+ */
+function destroy_secret_version_using_etag(string $projectId, string $secretId, string $versionId): void
+{
+    $client = new SecretManagerServiceClient();
+
+    $name = $client->secretVersionName($projectId, $secretId, $versionId);
+
+    // Read current etag for the version.
+    $getRequest = GetSecretVersionRequest::build($name);
+    $current = $client->getSecretVersion($getRequest);
+    $etag = $current->getEtag();
+
+    $request = DestroySecretVersionRequest::build($name)->setEtag($etag);
+
+    $response = $client->destroySecretVersion($request);
+
+    printf('Destroyed secret version: %s' . PHP_EOL, $response->getName());
+}
+// [END secretmanager_destroy_secret_version_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/disable_regional_secret_version_using_etag.php b/secretmanager/src/disable_regional_secret_version_using_etag.php
new file mode 100644
index 0000000000..ffb5a3c6e4
--- /dev/null
+++ b/secretmanager/src/disable_regional_secret_version_using_etag.php
@@ -0,0 +1,63 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_disable_regional_secret_version_using_etag]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\GetSecretVersionRequest;
+use Google\Cloud\SecretManager\V1\DisableSecretVersionRequest;
+
+/**
+ * Disable a regional secret version using a stored etag.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $locationId Secret location (e.g. 'us-central1')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ * @param string $versionId Your version ID (e.g. 'latest' or '5')
+ */
+function disable_regional_secret_version_using_etag(string $projectId, string $locationId, string $secretId, string $versionId): void
+{
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId);
+
+    // Read current etag for the version.
+    $getRequest = GetSecretVersionRequest::build($name);
+    $current = $client->getSecretVersion($getRequest);
+    $etag = $current->getEtag();
+
+    $request = DisableSecretVersionRequest::build($name)->setEtag($etag);
+
+    $response = $client->disableSecretVersion($request);
+
+    printf('Disabled secret version: %s' . PHP_EOL, $response->getName());
+}
+// [END secretmanager_disable_regional_secret_version_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/disable_secret_version_using_etag.php b/secretmanager/src/disable_secret_version_using_etag.php
new file mode 100644
index 0000000000..44240b44f8
--- /dev/null
+++ b/secretmanager/src/disable_secret_version_using_etag.php
@@ -0,0 +1,61 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_disable_secret_version_using_etag]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\GetSecretVersionRequest;
+use Google\Cloud\SecretManager\V1\DisableSecretVersionRequest;
+
+/**
+ * Disable a secret version using a stored etag.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ * @param string $versionId Your version ID (e.g. 'latest' or '5')
+ */
+function disable_secret_version_using_etag(string $projectId, string $secretId, string $versionId): void
+{
+    $client = new SecretManagerServiceClient();
+
+    $name = $client->secretVersionName($projectId, $secretId, $versionId);
+
+    // Read current etag for the version.
+    $getRequest = GetSecretVersionRequest::build($name);
+    $current = $client->getSecretVersion($getRequest);
+    $etag = $current->getEtag();
+
+    $request = DisableSecretVersionRequest::build($name)->setEtag($etag);
+
+    $response = $client->disableSecretVersion($request);
+
+    printf('Disabled secret version: %s' . PHP_EOL, $response->getName());
+}
+// [END secretmanager_disable_secret_version_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/enable_regional_secret_version_using_etag.php b/secretmanager/src/enable_regional_secret_version_using_etag.php
new file mode 100644
index 0000000000..df423f5413
--- /dev/null
+++ b/secretmanager/src/enable_regional_secret_version_using_etag.php
@@ -0,0 +1,63 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_enable_regional_secret_version_using_etag]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\GetSecretVersionRequest;
+use Google\Cloud\SecretManager\V1\EnableSecretVersionRequest;
+
+/**
+ * Enable a regional secret version using a stored etag.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $locationId Secret location (e.g. 'us-central1')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ * @param string $versionId Your version ID (e.g. 'latest' or '5')
+ */
+function enable_regional_secret_version_using_etag(string $projectId, string $locationId, string $secretId, string $versionId): void
+{
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    $name = $client->projectLocationSecretSecretVersionName($projectId, $locationId, $secretId, $versionId);
+
+    // Read current etag for the version.
+    $getRequest = GetSecretVersionRequest::build($name);
+    $current = $client->getSecretVersion($getRequest);
+    $etag = $current->getEtag();
+
+    $request = EnableSecretVersionRequest::build($name)->setEtag($etag);
+
+    $response = $client->enableSecretVersion($request);
+
+    printf('Enabled secret version: %s' . PHP_EOL, $response->getName());
+}
+// [END secretmanager_enable_regional_secret_version_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/enable_secret_version_using_etag.php b/secretmanager/src/enable_secret_version_using_etag.php
new file mode 100644
index 0000000000..82668c8832
--- /dev/null
+++ b/secretmanager/src/enable_secret_version_using_etag.php
@@ -0,0 +1,61 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_enable_secret_version_using_etag]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\GetSecretVersionRequest;
+use Google\Cloud\SecretManager\V1\EnableSecretVersionRequest;
+
+/**
+ * Enable a secret version using a stored etag.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ * @param string $versionId Your version ID (e.g. 'latest' or '5')
+ */
+function enable_secret_version_using_etag(string $projectId, string $secretId, string $versionId): void
+{
+    $client = new SecretManagerServiceClient();
+
+    $name = $client->secretVersionName($projectId, $secretId, $versionId);
+
+    // Read current etag for the version.
+    $getRequest = GetSecretVersionRequest::build($name);
+    $current = $client->getSecretVersion($getRequest);
+    $etag = $current->getEtag();
+
+    $request = EnableSecretVersionRequest::build($name)->setEtag($etag);
+
+    $response = $client->enableSecretVersion($request);
+
+    printf('Enabled secret version: %s' . PHP_EOL, $response->getName());
+}
+// [END secretmanager_enable_secret_version_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/list_regional_secret_versions_with_filter.php b/secretmanager/src/list_regional_secret_versions_with_filter.php
new file mode 100644
index 0000000000..c86bb03a71
--- /dev/null
+++ b/secretmanager/src/list_regional_secret_versions_with_filter.php
@@ -0,0 +1,57 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_list_regional_secret_versions_with_filter]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\ListSecretVersionsRequest;
+
+/**
+ * List secret versions in a location using a filter.
+ *
+ * @param string $projectId Your Google Cloud project id (e.g. 'my-project')
+ * @param string $locationId Your secret location (e.g. 'us-central1')
+ * @param string $secretId  Secret id (e.g. 'my-secret')
+ * @param string $filter    Filter string (see Secret Manager filtering docs)
+ */
+function list_regional_secret_versions_with_filter(string $projectId, string $locationId, string $secretId, string $filter): void
+{
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    $parent = $client->projectLocationSecretName($projectId, $locationId, $secretId);
+
+    $request = ListSecretVersionsRequest::build($parent)->setFilter($filter);
+
+    foreach ($client->listSecretVersions($request) as $version) {
+        printf('Found secret version %s' . PHP_EOL, $version->getName());
+    }
+}
+// [END secretmanager_list_regional_secret_versions_with_filter]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/list_regional_secrets_with_filter.php b/secretmanager/src/list_regional_secrets_with_filter.php
new file mode 100644
index 0000000000..9f83f7fcb9
--- /dev/null
+++ b/secretmanager/src/list_regional_secrets_with_filter.php
@@ -0,0 +1,56 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_list_regional_secrets_with_filter]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\ListSecretsRequest;
+
+/**
+ * List secrets in a location using a filter.
+ *
+ * @param string $projectId Your Google Cloud project id (e.g. 'my-project')
+ * @param string $locationId Your secret location (e.g. 'us-central1')
+ * @param string $filter    Filter string (see Secret Manager filtering docs)
+ */
+function list_regional_secrets_with_filter(string $projectId, string $locationId, string $filter): void
+{
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    $parent = $client->locationName($projectId, $locationId);
+
+    $request = ListSecretsRequest::build($parent)->setFilter($filter);
+
+    foreach ($client->listSecrets($request) as $secret) {
+        printf('Found secret %s' . PHP_EOL, $secret->getName());
+    }
+}
+// [END secretmanager_list_regional_secrets_with_filter]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/list_secret_versions_with_filter.php b/secretmanager/src/list_secret_versions_with_filter.php
new file mode 100644
index 0000000000..d6fb6c2866
--- /dev/null
+++ b/secretmanager/src/list_secret_versions_with_filter.php
@@ -0,0 +1,55 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_list_secret_versions_with_filter]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\ListSecretVersionsRequest;
+
+/**
+ * List secret versions for a secret using a filter.
+ *
+ * @param string $projectId Your Google Cloud project id (e.g. 'my-project')
+ * @param string $secretId  Your secret id (e.g. 'my-secret')
+ * @param string $filter    Filter string (see Secret Manager filtering docs)
+ */
+function list_secret_versions_with_filter(string $projectId, string $secretId, string $filter): void
+{
+    $client = new SecretManagerServiceClient();
+
+    $parent = $client->secretName($projectId, $secretId);
+
+    $request = ListSecretVersionsRequest::build($parent)->setFilter($filter);
+
+    foreach ($client->listSecretVersions($request) as $version) {
+        printf('Found secret version %s' . PHP_EOL, $version->getName());
+    }
+}
+// [END secretmanager_list_secret_versions_with_filter]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/list_secrets_with_filter.php b/secretmanager/src/list_secrets_with_filter.php
new file mode 100644
index 0000000000..2d07bed0d2
--- /dev/null
+++ b/secretmanager/src/list_secrets_with_filter.php
@@ -0,0 +1,54 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_list_secrets_with_filter]
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\ListSecretsRequest;
+
+/**
+ * List secrets in a project using a filter.
+ *
+ * @param string $projectId Your Google Cloud project id (e.g. 'my-project')
+ * @param string $filter    Filter string (see Secret Manager filtering docs)
+ */
+function list_secrets_with_filter(string $projectId, string $filter): void
+{
+    $client = new SecretManagerServiceClient();
+
+    $parent = $client->projectName($projectId);
+
+    $request = ListSecretsRequest::build($parent)->setFilter($filter);
+
+    foreach ($client->listSecrets($request) as $secret) {
+        printf('Found secret %s' . PHP_EOL, $secret->getName());
+    }
+}
+// [END secretmanager_list_secrets_with_filter]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/update_regional_secret_using_etag.php b/secretmanager/src/update_regional_secret_using_etag.php
new file mode 100644
index 0000000000..5566c1c9dc
--- /dev/null
+++ b/secretmanager/src/update_regional_secret_using_etag.php
@@ -0,0 +1,80 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_update_regional_secret_using_etag]
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\GetSecretRequest;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Protobuf\FieldMask;
+
+/**
+ * Update a regional secret using an etag for optimistic concurrency.
+ *
+ * This sample fetches the current secret, reads its etag, then attempts to
+ * update the secret's labels while providing the etag. The update will
+ * succeed only if the etag matches the server's current etag.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $locationId Secret location (e.g. 'us-central1')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ * @param string $labelKey  Label key to set
+ * @param string $labelValue Label value to set
+ */
+function update_regional_secret_using_etag(string $projectId, string $locationId, string $secretId, string $labelKey, string $labelValue): void
+{
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    $name = $client->projectLocationSecretName($projectId, $locationId, $secretId);
+
+    $getRequest = GetSecretRequest::build($name);
+    $current = $client->getSecret($getRequest);
+
+    $etag = $current->getEtag();
+
+    // Prepare the secret with the updated labels and the stored etag.
+    $secret = (new Secret())
+        ->setName($name)
+        ->setLabels([$labelKey => $labelValue])
+        ->setEtag($etag);
+
+    // Only update the labels field.
+    $updateMask = (new FieldMask())->setPaths(['labels']);
+
+    // Build and send the update request.
+    $request = UpdateSecretRequest::build($secret, $updateMask);
+
+    $response = $client->updateSecret($request);
+
+    printf('Updated secret using etag: %s' . PHP_EOL, $response->getName());
+}
+// [END secretmanager_update_regional_secret_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/update_regional_secret_with_expiration.php b/secretmanager/src/update_regional_secret_with_expiration.php
new file mode 100644
index 0000000000..dde51e4e41
--- /dev/null
+++ b/secretmanager/src/update_regional_secret_with_expiration.php
@@ -0,0 +1,78 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_update_regional_secret_with_expiration]
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Protobuf\Duration;
+use Google\Protobuf\FieldMask;
+
+/**
+ * Update the expiration TTL for a regional secret.
+ *
+ * @param string $projectId Google Cloud project id (e.g. 'my-project-id')
+ * @param string $locationId Secret location (e.g. 'us-central1')
+ * @param string $secretId  Secret id (e.g. 'my-secret' )
+ */
+function update_regional_secret_with_expiration(string $projectId, string $locationId, string $secretId): void
+{
+    // Create the Secret Manager client.
+    $options = ['apiEndpoint' => "secretmanager.$locationId.rep.googleapis.com"];
+    $client = new SecretManagerServiceClient($options);
+
+    // Build the resource name of the secret.
+    $name = $client->projectLocationSecretName($projectId, $locationId, $secretId);
+
+    // Build the secret with the new TTL.
+    $secret = new Secret([
+        'name' => $name,
+        'ttl' => new Duration([
+            'seconds' => 7200, // Set TTL to 2 hours.
+        ])
+    ]);
+
+    // Set the field mask to update only the ttl field.
+    $fieldMask = new FieldMask();
+    $fieldMask->setPaths(['ttl']);
+
+    // Build the request.
+    $request = new UpdateSecretRequest();
+    $request->setSecret($secret);
+    $request->setUpdateMask($fieldMask);
+
+    // Update the secret.
+    $newSecret = $client->updateSecret($request);
+
+    // Print the new secret name.
+    printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL);
+}
+// [END secretmanager_update_regional_secret_with_expiration]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/update_secret_using_etag.php b/secretmanager/src/update_secret_using_etag.php
new file mode 100644
index 0000000000..7a1ca198fe
--- /dev/null
+++ b/secretmanager/src/update_secret_using_etag.php
@@ -0,0 +1,81 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_update_secret_using_etag]
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\GetSecretRequest;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Protobuf\FieldMask;
+
+/**
+ * Update a secret using a stored etag (optimistic concurrency).
+ *
+ * This sample fetches the current secret, reads its etag, then attempts to
+ * update the secret's labels while providing the etag. The update will
+ * succeed only if the etag matches the server's current etag.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ * @param string $labelKey  Label key to set
+ * @param string $labelValue Label value to set
+ */
+function update_secret_using_etag(string $projectId, string $secretId, string $labelKey, string $labelValue): void
+{
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient();
+
+    // Build the resource name of the secret.
+    $name = $client->secretName($projectId, $secretId);
+
+    // Get the current secret to read the etag.
+    $getRequest = GetSecretRequest::build($name);
+    $current = $client->getSecret($getRequest);
+
+    $etag = $current->getEtag();
+
+    // Prepare the secret with the updated labels and the stored etag.
+    $secret = (new Secret())
+        ->setName($name)
+        ->setLabels([$labelKey => $labelValue])
+        ->setEtag($etag);
+
+    // Only update the labels field.
+    $updateMask = (new FieldMask())->setPaths(['labels']);
+
+    // Build and send the update request.
+    $request = UpdateSecretRequest::build($secret, $updateMask);
+
+    $response = $client->updateSecret($request);
+
+    printf('Updated secret using etag: %s' . PHP_EOL, $response->getName());
+}
+// [END secretmanager_update_secret_using_etag]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/src/update_secret_with_expiration.php b/secretmanager/src/update_secret_with_expiration.php
new file mode 100644
index 0000000000..b6f34961cd
--- /dev/null
+++ b/secretmanager/src/update_secret_with_expiration.php
@@ -0,0 +1,77 @@
+<?php
+/*
+ * Copyright 2026 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/secretmanager/README.md
+ */
+
+declare(strict_types=1);
+
+namespace Google\Cloud\Samples\SecretManager;
+
+// [START secretmanager_update_secret_with_expiration]
+// Import the Secret Manager client library.
+use Google\Cloud\SecretManager\V1\Secret;
+use Google\Cloud\SecretManager\V1\Client\SecretManagerServiceClient;
+use Google\Cloud\SecretManager\V1\UpdateSecretRequest;
+use Google\Protobuf\Duration;
+use Google\Protobuf\FieldMask;
+
+/**
+ * Update the TTL (expiration) for a secret.
+ *
+ * @param string $projectId Your Google Cloud Project ID (e.g. 'my-project')
+ * @param string $secretId  Your secret ID (e.g. 'my-secret')
+ */
+function update_secret_with_expiration(string $projectId, string $secretId): void
+{
+    // Create the Secret Manager client.
+    $client = new SecretManagerServiceClient();
+
+    // Build the resource name of the secret.
+    $name = $client->secretName($projectId, $secretId);
+
+    // Build the secret with the new TTL.
+    $secret = new Secret([
+        'name' => $name,
+        'ttl' => new Duration([
+            'seconds' => 7200, // Set TTL to 2 hours.
+        ])
+    ]);
+
+    // Set the field mask to update only the ttl field.
+    $fieldMask = new FieldMask();
+    $fieldMask->setPaths(['ttl']);
+
+    // Build the request.
+    $request = new UpdateSecretRequest();
+    $request->setSecret($secret);
+    $request->setUpdateMask($fieldMask);
+
+    // Update the secret.
+    $newSecret = $client->updateSecret($request);
+
+    // Print the new secret name.
+    printf('Updated secret: %s%s', $newSecret->getName(), PHP_EOL);
+}
+// [END secretmanager_update_secret_with_expiration]
+
+// The following 2 lines are only needed to execute the samples on the CLI
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
diff --git a/secretmanager/test/regionalsecretmanagerTest.php b/secretmanager/test/regionalsecretmanagerTest.php
index 18c9c97ac5..68e80e5567 100644
--- a/secretmanager/test/regionalsecretmanagerTest.php
+++ b/secretmanager/test/regionalsecretmanagerTest.php
@@ -56,11 +56,15 @@ class regionalsecretmanagerTest extends TestCase
     private static $testSecretVersionToDestroy;
     private static $testSecretVersionToDisable;
     private static $testSecretVersionToEnable;
+    private static $testSecretVersionToDestroyWithETag;
+    private static $testSecretVersionToDisableWithETag;
+    private static $testSecretVersionToEnableWithETag;
     private static $testSecretWithTagToCreateName;
     private static $testSecretBindTagToCreateName;
     private static $testSecretWithLabelsToCreateName;
     private static $testSecretWithAnnotationsToCreateName;
     private static $testSecretWithDelayedDestroyToCreateName;
+    private static $testSecretWithExpirationToCreateName;
 
     private static $iamUser = 'user:kapishsingh@google.com';
     private static $locationId = 'us-central1';
@@ -86,16 +90,22 @@ public static function setUpBeforeClass(): void
         self::$testSecretToDelete = self::createSecret();
         self::$testSecretWithVersions = self::createSecret();
         self::$testSecretToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
-        self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions);
-        self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions);
-        self::$testSecretVersionToDisable = self::addSecretVersion(self::$testSecretWithVersions);
-        self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions);
         self::$testSecretWithTagToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
         self::$testSecretBindTagToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
         self::$testSecretWithLabelsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
         self::$testSecretWithAnnotationsToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
         self::$testSecretWithDelayedDestroyToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
+        self::$testSecretWithExpirationToCreateName = self::$client->projectLocationSecretName(self::$projectId, self::$locationId, self::randomSecretId());
+
+        self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions);
+        self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions);
+        self::$testSecretVersionToDisable = self::addSecretVersion(self::$testSecretWithVersions);
+        self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions);
         self::disableSecretVersion(self::$testSecretVersionToEnable);
+        self::$testSecretVersionToDestroyWithETag = self::addSecretVersion(self::$testSecretWithVersions);
+        self::$testSecretVersionToDisableWithETag = self::addSecretVersion(self::$testSecretWithVersions);
+        self::$testSecretVersionToEnableWithETag = self::addSecretVersion(self::$testSecretWithVersions);
+        self::disableSecretVersion(self::$testSecretVersionToEnableWithETag);
 
         self::$testTagKey = self::createTagKey(self::randomSecretId());
         self::$testTagValue = self::createTagValue(self::randomSecretId());
@@ -115,6 +125,7 @@ public static function tearDownAfterClass(): void
         self::deleteSecret(self::$testSecretWithLabelsToCreateName);
         self::deleteSecret(self::$testSecretWithAnnotationsToCreateName);
         self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName);
+        self::deleteSecret(self::$testSecretWithExpirationToCreateName);
         sleep(15); // Added a sleep to wait for the tag unbinding
         self::deleteTagValue();
         self::deleteTagKey();
@@ -294,6 +305,20 @@ public function testCreateSecret()
         $this->assertStringContainsString('Created secret', $output);
     }
 
+    public function testDeleteSecretUsingEtag()
+    {
+        $secret = self::createSecret();
+        $name = self::$client->parseName($secret->getName());
+
+        $output = $this->runFunctionSnippet('delete_regional_secret_using_etag', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Deleted secret', $output);
+    }
+
     public function testDeleteSecret()
     {
         $name = self::$client->parseName(self::$testSecretToDelete->getName());
@@ -307,6 +332,20 @@ public function testDeleteSecret()
         $this->assertStringContainsString('Deleted secret', $output);
     }
 
+    public function testDestroySecretVersionUsingEtag()
+    {
+        $name = self::$client->parseName(self::$testSecretVersionToDestroyWithETag->getName());
+
+        $output = $this->runFunctionSnippet('destroy_regional_secret_version_using_etag', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+            $name['secret_version'],
+        ]);
+
+        $this->assertStringContainsString('Destroyed secret version', $output);
+    }
+
     public function testDestroySecretVersion()
     {
         $name = self::$client->parseName(self::$testSecretVersionToDestroy->getName());
@@ -321,6 +360,20 @@ public function testDestroySecretVersion()
         $this->assertStringContainsString('Destroyed secret version', $output);
     }
 
+    public function testDisableSecretVersionUsingEtag()
+    {
+        $name = self::$client->parseName(self::$testSecretVersionToDisableWithETag->getName());
+
+        $output = $this->runFunctionSnippet('disable_regional_secret_version_using_etag', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+            $name['secret_version'],
+        ]);
+
+        $this->assertStringContainsString('Disabled secret version', $output);
+    }
+
     public function testDisableSecretVersion()
     {
         $name = self::$client->parseName(self::$testSecretVersionToDisable->getName());
@@ -335,6 +388,20 @@ public function testDisableSecretVersion()
         $this->assertStringContainsString('Disabled secret version', $output);
     }
 
+    public function testEnableSecretVersionUsingEtag()
+    {
+        $name = self::$client->parseName(self::$testSecretVersionToEnableWithETag->getName());
+
+        $output = $this->runFunctionSnippet('enable_regional_secret_version_using_etag', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+            $name['secret_version'],
+        ]);
+
+        $this->assertStringContainsString('Enabled secret version', $output);
+    }
+
     public function testEnableSecretVersion()
     {
         $name = self::$client->parseName(self::$testSecretVersionToEnable->getName());
@@ -405,6 +472,23 @@ public function testIamRevokeAccess()
         $this->assertStringContainsString('Updated IAM policy', $output);
     }
 
+    public function testListSecretVersionsWithFilter()
+    {
+        $name = self::$client->parseName(self::$testSecretWithVersions->getName());
+
+        // Filter for enabled versions.
+        $filter = 'state = ENABLED';
+
+        $output = $this->runFunctionSnippet('list_regional_secret_versions_with_filter', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+            $filter,
+        ]);
+
+        $this->assertStringContainsString('Found secret version', $output);
+    }
+
     public function testListSecretVersions()
     {
         $name = self::$client->parseName(self::$testSecretWithVersions->getName());
@@ -418,6 +502,21 @@ public function testListSecretVersions()
         $this->assertStringContainsString('secret version', $output);
     }
 
+    public function testListSecretsWithFilter()
+    {
+        $name = self::$client->parseName(self::$testSecret->getName());
+
+        $filter = 'name:' . $name['secret'];
+
+        $output = $this->runFunctionSnippet('list_regional_secrets_with_filter', [
+            $name['project'],
+            $name['location'],
+            $filter,
+        ]);
+
+        $this->assertStringContainsString('Found secret', $output);
+    }
+
     public function testListSecrets()
     {
         $name = self::$client->parseName(self::$testSecret->getName());
@@ -431,6 +530,21 @@ public function testListSecrets()
         $this->assertStringContainsString($name['secret'], $output);
     }
 
+    public function testUpdateSecretUsingEtag()
+    {
+        $name = self::$client->parseName(self::$testSecret->getName());
+
+        $output = $this->runFunctionSnippet('update_regional_secret_using_etag', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+            'etaglabel',
+            'etagvalue',
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
+
     public function testUpdateSecret()
     {
         $name = self::$client->parseName(self::$testSecret->getName());
@@ -649,4 +763,43 @@ public function testUpdateSecretWithDelayedDestroyed()
         $secret = self::getSecret($name['project'], $name['location'], $name['secret']);
         $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds());
     }
+
+    public function testCreateSecretWithExpiration()
+    {
+        $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName);
+
+        $output = $this->runFunctionSnippet('create_regional_secret_with_expiration', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Created secret', $output);
+    }
+
+    public function testUpdateSecretWithExpiration()
+    {
+        $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName);
+
+        $output = $this->runFunctionSnippet('update_regional_secret_with_expiration', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
+
+    public function testDeleteSecretExpiration()
+    {
+        $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName);
+
+        $output = $this->runFunctionSnippet('delete_regional_secret_expiration', [
+            $name['project'],
+            $name['location'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
 }
diff --git a/secretmanager/test/secretmanagerTest.php b/secretmanager/test/secretmanagerTest.php
index 11b9dd3bd6..b3affd5480 100644
--- a/secretmanager/test/secretmanagerTest.php
+++ b/secretmanager/test/secretmanagerTest.php
@@ -59,11 +59,15 @@ class secretmanagerTest extends TestCase
     private static $testSecretVersionToDestroy;
     private static $testSecretVersionToDisable;
     private static $testSecretVersionToEnable;
+    private static $testSecretVersionToDestroyWithETag;
+    private static $testSecretVersionToDisableWithETag;
+    private static $testSecretVersionToEnableWithETag;
     private static $testSecretWithTagToCreateName;
     private static $testSecretBindTagToCreateName;
     private static $testSecretWithLabelsToCreateName;
     private static $testSecretWithAnnotationsToCreateName;
     private static $testSecretWithDelayedDestroyToCreateName;
+    private static $testSecretWithExpirationToCreateName;
 
     private static $iamUser = 'user:sethvargo@google.com';
     private static $testLabelKey = 'test-label-key';
@@ -93,6 +97,7 @@ public static function setUpBeforeClass(): void
         self::$testSecretWithLabelsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId());
         self::$testSecretWithAnnotationsToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId());
         self::$testSecretWithDelayedDestroyToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId());
+        self::$testSecretWithExpirationToCreateName = self::$client->secretName(self::$projectId, self::randomSecretId());
 
         self::$testSecretVersion = self::addSecretVersion(self::$testSecretWithVersions);
         self::$testSecretVersionToDestroy = self::addSecretVersion(self::$testSecretWithVersions);
@@ -100,6 +105,11 @@ public static function setUpBeforeClass(): void
         self::$testSecretVersionToEnable = self::addSecretVersion(self::$testSecretWithVersions);
         self::disableSecretVersion(self::$testSecretVersionToEnable);
 
+        self::$testSecretVersionToDestroyWithETag = self::addSecretVersion(self::$testSecretWithVersions);
+        self::$testSecretVersionToDisableWithETag = self::addSecretVersion(self::$testSecretWithVersions);
+        self::$testSecretVersionToEnableWithETag = self::addSecretVersion(self::$testSecretWithVersions);
+        self::disableSecretVersion(self::$testSecretVersionToEnableWithETag);
+
         self::$testTagKey = self::createTagKey(self::randomSecretId());
         self::$testTagValue = self::createTagValue(self::randomSecretId());
     }
@@ -116,6 +126,7 @@ public static function tearDownAfterClass(): void
         self::deleteSecret(self::$testSecretWithLabelsToCreateName);
         self::deleteSecret(self::$testSecretWithAnnotationsToCreateName);
         self::deleteSecret(self::$testSecretWithDelayedDestroyToCreateName);
+        self::deleteSecret(self::$testSecretWithExpirationToCreateName);
         sleep(15); // Added a sleep to wait for the tag unbinding
         self::deleteTagValue();
         self::deleteTagKey();
@@ -310,6 +321,20 @@ public function testCreateSecretWithUserManagedReplication()
         $this->assertStringContainsString('Created secret', $output);
     }
 
+    public function testDeleteSecretUsingEtag()
+    {
+        // Create a fresh secret to delete with etag.
+        $secret = self::createSecret();
+        $name = self::$client->parseName($secret->getName());
+
+        $output = $this->runFunctionSnippet('delete_secret_using_etag', [
+            $name['project'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Deleted secret', $output);
+    }
+
     public function testDeleteSecret()
     {
         $name = self::$client->parseName(self::$testSecretToDelete->getName());
@@ -322,6 +347,19 @@ public function testDeleteSecret()
         $this->assertStringContainsString('Deleted secret', $output);
     }
 
+    public function testDestroySecretVersionUsingEtag()
+    {
+        $name = self::$client->parseName(self::$testSecretVersionToDestroyWithETag->getName());
+
+        $output = $this->runFunctionSnippet('destroy_secret_version_using_etag', [
+            $name['project'],
+            $name['secret'],
+            $name['secret_version'],
+        ]);
+
+        $this->assertStringContainsString('Destroyed secret version', $output);
+    }
+
     public function testDestroySecretVersion()
     {
         $name = self::$client->parseName(self::$testSecretVersionToDestroy->getName());
@@ -335,6 +373,19 @@ public function testDestroySecretVersion()
         $this->assertStringContainsString('Destroyed secret version', $output);
     }
 
+    public function testDisableSecretVersionUsingEtag()
+    {
+        $name = self::$client->parseName(self::$testSecretVersionToDisableWithETag->getName());
+
+        $output = $this->runFunctionSnippet('disable_secret_version_using_etag', [
+            $name['project'],
+            $name['secret'],
+            $name['secret_version'],
+        ]);
+
+        $this->assertStringContainsString('Disabled secret version', $output);
+    }
+
     public function testDisableSecretVersion()
     {
         $name = self::$client->parseName(self::$testSecretVersionToDisable->getName());
@@ -348,6 +399,19 @@ public function testDisableSecretVersion()
         $this->assertStringContainsString('Disabled secret version', $output);
     }
 
+    public function testEnableSecretVersionUsingEtag()
+    {
+        $name = self::$client->parseName(self::$testSecretVersionToEnableWithETag->getName());
+
+        $output = $this->runFunctionSnippet('enable_secret_version_using_etag', [
+            $name['project'],
+            $name['secret'],
+            $name['secret_version'],
+        ]);
+
+        $this->assertStringContainsString('Enabled secret version', $output);
+    }
+
     public function testEnableSecretVersion()
     {
         $name = self::$client->parseName(self::$testSecretVersionToEnable->getName());
@@ -414,6 +478,22 @@ public function testIamRevokeAccess()
         $this->assertStringContainsString('Updated IAM policy', $output);
     }
 
+    public function testListSecretVersionsWithFilter()
+    {
+        $name = self::$client->parseName(self::$testSecretWithVersions->getName());
+
+        // Filter for enabled versions.
+        $filter = 'state = ENABLED';
+
+        $output = $this->runFunctionSnippet('list_secret_versions_with_filter', [
+            $name['project'],
+            $name['secret'],
+            $filter,
+        ]);
+
+        $this->assertStringContainsString('Found secret version', $output);
+    }
+
     public function testListSecretVersions()
     {
         $name = self::$client->parseName(self::$testSecretWithVersions->getName());
@@ -426,6 +506,20 @@ public function testListSecretVersions()
         $this->assertStringContainsString('secret version', $output);
     }
 
+    public function testListSecretsWithFilter()
+    {
+        $name = self::$client->parseName(self::$testSecret->getName());
+
+        $filter = 'name:' . $name['secret'];
+
+        $output = $this->runFunctionSnippet('list_secrets_with_filter', [
+            $name['project'],
+            $filter,
+        ]);
+
+        $this->assertStringContainsString('Found secret', $output);
+    }
+
     public function testListSecrets()
     {
         $name = self::$client->parseName(self::$testSecret->getName());
@@ -438,6 +532,20 @@ public function testListSecrets()
         $this->assertStringContainsString($name['secret'], $output);
     }
 
+    public function testUpdateSecretUsingEtag()
+    {
+        $name = self::$client->parseName(self::$testSecret->getName());
+
+        $output = $this->runFunctionSnippet('update_secret_using_etag', [
+            $name['project'],
+            $name['secret'],
+            'etaglabel',
+            'etagvalue',
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
+
     public function testUpdateSecret()
     {
         $name = self::$client->parseName(self::$testSecret->getName());
@@ -642,4 +750,40 @@ public function testUpdateSecretWithDelayedDestroyed()
         $secret = self::getSecret($name['project'], $name['secret']);
         $this->assertEquals(self::$testDelayedDestroyTime, $secret->getVersionDestroyTtl()->getSeconds());
     }
+
+    public function testCreateSecretWithExpiration()
+    {
+        $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName);
+
+        $output = $this->runFunctionSnippet('create_secret_with_expiration', [
+            $name['project'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Created secret', $output);
+    }
+
+    public function testUpdateSecretWithExpiration()
+    {
+        $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName);
+
+        $output = $this->runFunctionSnippet('update_secret_with_expiration', [
+            $name['project'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
+
+    public function testDeleteSecretExpiration()
+    {
+        $name = self::$client->parseName(self::$testSecretWithExpirationToCreateName);
+
+        $output = $this->runFunctionSnippet('delete_secret_expiration', [
+            $name['project'],
+            $name['secret'],
+        ]);
+
+        $this->assertStringContainsString('Updated secret', $output);
+    }
 }