diff --git a/docs/data-sources/csms_secret_version.md b/docs/data-sources/csms_secret_version.md
new file mode 100644
index 00000000..d918240c
--- /dev/null
+++ b/docs/data-sources/csms_secret_version.md
@@ -0,0 +1,41 @@
+---
+subcategory: "Data Encryption Workshop (DEW)"
+---
+
+# g42cloud_csms_secret_version
+
+Use this data source to query the version and plaintext of the CSMS(Cloud Secret Management Service) secret.
+
+## Example Usage
+
+```hcl
+data "g42cloud_csms_secret_version" "version_1" {
+  secret_name = "your_secret_name"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to obtain the CSMS secrets.
+  If omitted, the provider-level region will be used.
+
+* `secret_name` - (Required, String) The name of the CSMS secret to query.
+
+* `version` - (Optional, String) The version ID of the CSMS secret version to query.
+  If omitted, the latest version will be used.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID.
+
+* `secret_text` - The plaintext of a secret in text format.
+
+* `kms_key_id` - The ID of the KMS CMK used for secret encryption.
+
+* `status` - The status of the CSMS secret version.
+
+* `created_at` - Time when the CSMS secret version created, in UTC format.
diff --git a/g42cloud/provider.go b/g42cloud/provider.go
index aef7cbb9..ba235bfe 100644
--- a/g42cloud/provider.go
+++ b/g42cloud/provider.go
@@ -214,6 +214,7 @@ func Provider() *schema.Provider {
 			"g42cloud_identity_role":              iam.DataSourceIdentityRole(),
 			"g42cloud_images_image":               ims.DataSourceImagesImageV2(),
 			"g42cloud_images_images":              ims.DataSourceImagesImages(),
+			"g42cloud_csms_secret_version":        dew.DataSourceDewCsmsSecret(),
 			"g42cloud_kms_key":                    dew.DataSourceKmsKey(),
 			"g42cloud_kms_data_key":               dew.DataSourceKmsDataKeyV1(),
 			"g42cloud_modelarts_datasets":         modelarts.DataSourceDatasets(),
diff --git a/g42cloud/services/acceptance/dew/data_source_g42cloud_csms_secret_version_test.go b/g42cloud/services/acceptance/dew/data_source_g42cloud_csms_secret_version_test.go
new file mode 100644
index 00000000..886bcc0a
--- /dev/null
+++ b/g42cloud/services/acceptance/dew/data_source_g42cloud_csms_secret_version_test.go
@@ -0,0 +1,73 @@
+package dew
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/g42cloud-terraform/terraform-provider-g42cloud/g42cloud/services/acceptance"
+)
+
+func TestAccDewCsmsSecretVersion_basic(t *testing.T) {
+	name := acceptance.RandomAccResourceName()
+	resourceName := "data.g42cloud_csms_secret_version.version_1"
+
+	dc := acceptance.InitDataSourceCheck(resourceName)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acceptance.TestAccPreCheck(t) },
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDewCsmsSecretVersion_basic(name),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(resourceName, "secret_name", name),
+					resource.TestCheckResourceAttrSet(resourceName, "version"),
+					resource.TestCheckResourceAttr(resourceName, "secret_text", "this is a password"),
+				),
+			},
+			{
+				Config: testAccDewCsmsSecretVersion_version(name),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(resourceName, "secret_name", name),
+					resource.TestCheckResourceAttr(resourceName, "version", "v1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_text", "this is a password"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDewCsmsSecretVersion_basic(name string) string {
+	return fmt.Sprintf(`
+resource "g42cloud_csms_secret" "secret_1" {
+  name        = "%s"
+  secret_text = "this is a password"
+}
+
+data "g42cloud_csms_secret_version" "version_1" {
+  secret_name = "%s"
+
+  depends_on = [g42cloud_csms_secret.secret_1]
+}
+`, name, name)
+}
+
+func testAccDewCsmsSecretVersion_version(name string) string {
+	return fmt.Sprintf(`
+resource "g42cloud_csms_secret" "secret_1" {
+  name        = "%s"
+  secret_text = "this is a new password"
+}
+
+data "g42cloud_csms_secret_version" "version_1" {
+  secret_name = "%s"
+  version     = "v1"
+
+  depends_on = [g42cloud_csms_secret.secret_1]
+}
+`, name, name)
+}