Google Secret Manager

Udesh Udayakumar
Google Cloud - Community
Oct 27, 2022

Hey everyone, I hope you all are doing well. In this article, I want to give you an overview of Google Secret Manager.

Secrets

A secret is a global object that contains a collection of metadata and secret versions.

When you create a secret, it has metadata that includes replication locations, labels, annotations, and permissions; and secret versions that contain actual secret data like an API key or credential.

Secret Version

A secret version stores secret data. We can address individual versions of a secret, but we cannot modify a version. Instead, we can delete the version if needed.

Secret Manager allows us to store, manage, and access secrets as binary blobs or text.

To view the contents of the secret, the user needs appropriate access permissions. It works well for storing configuration information like DB passwords, API keys, etc.

This differs from a key management system. As per Google, a key management system such as Cloud KMS allows you to manage cryptographic keys and use them to encrypt or decrypt data. However, you cannot view, extract, or export the key material itself.

Rotation

A secret can be rotated by adding a new version to the secret. Any version of a given secret can be accessed, as long as that version is enabled. To prevent a secret version from being used, you will have to disable that version.
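The rotation flow described above, sketched with the gcloud CLI as an added example (not code from the original article). The helper name `rotate_secret` is hypothetical, and the sketch assumes gcloud is already authenticated with permission to add, access, and disable versions of the secret.

```bash
# Added example: rotate a Secret Manager secret, then retire older versions.
# rotate_secret is a hypothetical helper name, not part of gcloud.
#
# Usage: printf '%s' "$NEW_VALUE" | rotate_secret SECRET_ID
rotate_secret() {
  local secret="$1" new_version old

  # 1. Rotation means adding a new version. The value is read from stdin so
  #    it never appears in the process arguments or shell history.
  new_version="$(gcloud secrets versions add "$secret" --data-file=- \
                   --format='value(name)')" || return 1
  new_version="${new_version##*/}"   # resource path -> bare version number

  # 2. Confirm the new version is readable before retiring the old ones.
  gcloud secrets versions access "$new_version" --secret="$secret" \
    >/dev/null || return 1

  # 3. Disable every other version that is still enabled, so only the new
  #    version can be accessed. A disabled version can be enabled again,
  #    which keeps a rollback path that deleting the version would not.
  for old in $(gcloud secrets versions list "$secret" \
                 --filter='state=ENABLED' --format='value(name)'); do
    old="${old##*/}"
    [ "$old" = "$new_version" ] && continue
    gcloud secrets versions disable "$old" --secret="$secret" \
      >/dev/null || return 1
  done

  # Print the version number that consumers should now resolve to.
  echo "$new_version"
}
```

Consumers that request the `latest` version pick up the new value on their next access; consumers pinned to a specific version number start failing once that version is disabled, which surfaces any caller that was missed during the rotation.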

Encryption of secrets

Google Secret Manager always encrypts secret data before it is stored, in line with Google Cloud's encryption-at-rest principle. It manages server-side encryption keys on your behalf, using the same hardened key management system used for your encrypted data. User data is encrypted with the AES-256 algorithm.

If you choose to use the Secret Manager API, it always communicates over a secure HTTP(S) connection.

Common Use-cases

Here are some of the use cases where you can use Google Secret Manager:

  • Storing credentials/keys used during a CI/CD pipeline
  • TLS Certificate data
  • API Keys
  • Database usernames and passwords

That’s a high-level overview of Google Secret Manager. I hope this helps you. Thank you for reading. See you soon!
