Google Cloud Secret Manager
Store, manage, and access secrets such as API keys, passwords, or certificates in Google Cloud.
Free Secret Versions
6 active secret versions
Free Access Operations
10,000 per month
Encryption
AES-256-GCM at rest
About Google Cloud Secret Manager
Google Cloud Secret Manager allows you to store, manage, and access sensitive data like API keys, passwords, and certificates. It provides strong security with features like secret versioning, regionalization, and integration with IAM for fine-grained access control. All administrative actions and secret accesses are logged to Cloud Audit Logs for robust auditing. The service helps developers avoid hardcoding secrets in source code and can be used to automatically rotate credentials for databases or other services. It integrates with Cloud KMS for encryption and can be accessed programmatically via REST APIs and client libraries, or through the command line.
Core Features
Secret Versioning
Secrets can have multiple versions. You can pin access to a numbered version, or use the 'latest' alias, which resolves to the most recently created version.
Replication Policy
Choose to replicate secrets automatically across Google Cloud regions or manage replication manually by selecting specific regions.
Rotation Scheduling
Set a rotation schedule for a secret and send notifications to a Pub/Sub topic to trigger rotation workflows.
Access Methods
Access secrets via REST API, client libraries (Python, Java, Go, etc.), and the gcloud command-line tool.
Security & Control
IAM Integration
Leverages Google Cloud's Identity and Access Management (IAM) to provide fine-grained permissions for managing and accessing secrets.
Audit Logging
All admin activity and secret access operations are recorded in Cloud Audit Logs for security analysis and compliance.
VPC Service Controls
Use VPC Service Controls to create a security perimeter and prevent data exfiltration from Secret Manager.
Customer-Managed Encryption Keys
Encrypt secrets with keys you manage in Cloud KMS (CMEK).