Search for a command to run...
Secure storage system for API keys, passwords, certificates, and other sensitive data. Stores secrets as binary blobs or text strings with versioning and access control, so applications can fetch configuration at runtime without embedding credentials in code.
Google Cloud Secret Manager differentiates with first-class versioning and floating aliases like "latest" for zero-downtime rotation. Cloud IAM integration enforces least privilege per secret, and every interaction generates an audit log via Cloud Audit Logs for compliance. Encrypted by default in transit with TLS and at rest with AES-256.
Key capabilities:
Teams store database credentials, third-party API keys, and TLS certificates for Cloud Run, GKE, and Compute Engine workloads. CI/CD pipelines inject secrets into builds via GitHub Actions or Cloud Build without storing them in source. Compliance-focused organizations rely on audit trails and least-privilege roles to meet regulatory requirements while rotating secrets programmatically.