Command Palette

Search for a command to run...

Cloud Secret Manager logo
In category [Database]

Cloud Secret Manager

position in category
#19

Secure storage system for API keys, passwords, certificates, and other sensitive data. Stores secrets as binary blobs or text strings with versioning and access control, so applications can fetch configuration at runtime without embedding credentials in code.

Google Cloud Secret Manager differentiates with first-class versioning and floating aliases like "latest" for zero-downtime rotation. Cloud IAM integration enforces least privilege per secret, and every interaction generates an audit log via Cloud Audit Logs for compliance. Encrypted by default in transit with TLS and at rest with AES-256.

Key capabilities:

  • First-class versioning: immutable secret data, pin to specific versions or floating aliases, automate rotation with Cloud Functions
  • Cloud IAM integration: grant permissions per secret, separate management from access, VPC Service Controls for hybrid environments
  • Replication policies: project-global names with regional storage, choose regions or automatic placement
  • API-first design: REST API and client libraries, integration with Terraform and GitHub Actions
  • Audit logging: every access and management operation logged for compliance and anomaly detection

Teams store database credentials, third-party API keys, and TLS certificates for Cloud Run, GKE, and Compute Engine workloads. CI/CD pipelines inject secrets into builds via GitHub Actions or Cloud Build without storing them in source. Compliance-focused organizations rely on audit trails and least-privilege roles to meet regulatory requirements while rotating secrets programmatically.

GitHub Repositories
61
-6.2%
Trending down this week
Removed in 4 repos