4

I have been trying to find a way to store secrets in GCP. I have explored Google Cloud KMS. It seems to be only for creating encryption keys that can be used to encrypt, say, GCP storage elements. Or maybe I missed something. I have also seen that there is a way to integrate HashiCorp Vault. But I was looking for a solution in GCP itself, something like Azure Vault. My end goal is to store a secret somewhere and use it in a Cloud Function.

Any help would be appreciated. Thanks!

LundinCast

2 Answers

4

Google Cloud recently launched Secret Manager, which is exactly what you're looking for.

Secret Manager allows you to store, manage, and access secrets as binary blobs or text strings. With the appropriate permissions, you can view the contents of the secret.

As you correctly pointed out, a key management system, such as Cloud KMS, allows you to manage cryptographic keys and to use them to encrypt or decrypt data. However, you cannot view, extract, or export the key material itself.

LundinCast
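The end goal from the question, reading a Secret Manager secret inside a Python Cloud Function, as an added example that is not code from either answer. The project ID, secret name, pinned version, `handler` entry point and the `FakeClient` stand-in are assumptions constructed for illustration; the real client comes from the `google-cloud-secret-manager` package.

```python
PROJECT_ID = "example-project"  # constructed placeholder
SECRET_ID = "db-password"       # constructed placeholder
SECRET_VERSION = "1"            # pinned; "latest" follows newly added versions
SECRET_CACHE = {}               # survives warm invocations of one instance


def version_name(project_id, secret_id, version):
    """Resource name of one secret version."""
    return f"projects/{project_id}/secrets/{secret_id}/versions/{version}"


def get_secret(secret_id, version=SECRET_VERSION, client=None):
    """Fetch a secret once per instance and return it as text.

    The function's service account needs roles/secretmanager.secretAccessor
    on the secret; without it the API call is denied.
    """
    key = (secret_id, version)
    if key not in SECRET_CACHE:
        if client is None:
            # Imported lazily so the offline demo below runs without the library.
            from google.cloud import secretmanager
            client = secretmanager.SecretManagerServiceClient()
        name = version_name(PROJECT_ID, secret_id, version)
        response = client.access_secret_version(request={"name": name})
        SECRET_CACHE[key] = response.payload.data.decode("utf-8")
    return SECRET_CACHE[key]


def handler(request, client=None):
    """HTTP entry point (hypothetical name). Uses the secret, never echoes it."""
    password = get_secret(SECRET_ID, client=client)
    # ... open the database connection with `password` here ...
    return "ok" if password else "secret is empty"


class FakeClient:
    """Constructed stand-in for SecretManagerServiceClient (offline demo)."""
    def __init__(self):
        self.calls = []

    def access_secret_version(self, request):
        self.calls.append(request["name"])
        payload = type("Payload", (), {"data": b"constructed-value"})()
        return type("Response", (), {"payload": payload})()


if __name__ == "__main__":
    fake = FakeClient()
    print(handler(None, client=fake), handler(None, client=fake), fake.calls)
```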
1

In addition to Secret Manager mentioned above, you may want to check out HashiCorp Vault. HV is open source and will allow you to manage secrets in multi-cloud or hybrid environments. HV was the recommended approach before Google's Secret Manager went GA.

Raj Ranjhan