Reputation: 353
Is there a way to store secrets in GCP, similar to Azure vault?
I have been trying to find a way to store secrets in GCP. I have explored Google Cloud KMS. It seems to be only for creating encryption keys, that can be used to encrypt say GCP storage elements. Or, maybe I missed something. I have also seen, there is a way to integrate Hashicorp vault. But, I was looking for a solution in GCP itself, something like Azure Vault. My end goal is to store a secret somewhere and use it in a Cloud Function.
Any help would be appreciated. Thanks!
Upvotes: 6
Views: 10131
Answers (2)
Reputation: 3915
In addition to Secret Manager mentioned above you may want to check out HashiCorp Vault. HV is open source and will allow you to manage secrets in multi-cloud or hybrid environments. HV was the recommended approach before Google's Secret Manager went GA.
Upvotes: 2
Reputation: 9810
Google Cloud recently launched Secret Manager which is exactly what you're looking for.
Secret Manager allows you to store, manage, and access secrets as binary blobs or text strings. With the appropriate permissions, you can view the contents of the secret.
As you correctly pointed out, a key management system, such as Cloud KMS, allows you to manage cryptographic keys and to use them to encrypt or decrypt data. However, you cannot view, extract, or export the key material itself.
Upvotes: 7
Related Questions
- Look up secrets from gcloud secrets manager directly as secretGenerator with kustomize
- GCP 2nd generation Cloud Functions: How can I use Secrets?
- Using GCP secret manager for hundreds of secrets in Cloud Run
- Inserting secrets into GCP VM instance from secrets manager
- How to use a Google Secret in a deployed Cloud Run Service (managed)?
- Using GCP secrets as part of cloud build
- Access secrets in GCP secret manager from PODs
- Access secret manager from cloud function in GCP. What IAM settings to use?
- Google Cloud - Vaults storing, User Name and Passwords
- How should I store secrets for use in Google Cloud Platform?