Google Cloud recently unveiled a new service called Secret Manager, which is meant to provide a convenient and secure way to store API keys, passwords, certificates, and any other sensitive data that users may need to access on an ongoing basis. Basically, it serves as the central location for managing, accessing, and auditing secrets across the Google Cloud Platform.
Currently, the service is available in beta to all Google Cloud customers. Those interested in trying it out can get started using the Secret Manager Quickstarts, which show you how to create and access secrets across Google Cloud Platform.
Before jumping in, here’s what you should know about the features and functionality of Google Cloud’s Secret Manager.
Global names and replication
Some users want to have complete control over the regions where their secret data is stored. Others don’t have much of a preference. Secret Manager uses replication policies to give customers the best of both worlds. Essentially, you can choose between automatic and user-managed replication policies. So if it’s important for you to choose a region, you have that option. If not, you can opt for global or automatic storage.
Secret Manager automatically versions secret data to protect your secrets and give you access to specific versions of your information throughout gradual rollout, emergency rollback, and auditing processes. When you perform operations that impact your data, like access, destroy, disable, and enable, those actions take place on a secret version. Then when needed, you can pin a secret to specific versions.
Audit logging in Secret Manager
Cloud Audit Logging is a feature that allows Secret Manager to generate an audit entry for every interaction. You can use these logs to locate abnormal access patterns or integrate them with anomaly detection systems in order to detect potential security breaches.
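As an added illustration (not code from Google or from this article), the sketch below scans exported audit entries for two abnormal access patterns: a principal reading a secret it is not expected to read, and a burst of reads of one secret. The field layout follows the Cloud Audit Logs `protoPayload` format; the project, accounts, baseline and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ACCESS = "AccessSecretVersion"  # matched as a suffix of protoPayload.methodName

def entry(ts, who, resource, method=ACCESS):
    # Constructed sample entry; only the fields the check reads are filled in.
    return {"timestamp": ts, "protoPayload": {
        "serviceName": "secretmanager.googleapis.com",
        "methodName": "google.cloud.secretmanager.v1.SecretManagerService." + method,
        "resourceName": resource,
        "authenticationInfo": {"principalEmail": who}}}

DB = "projects/111/secrets/db-password"             # constructed secret name
APP = "app@example-project.iam.gserviceaccount.com"  # constructed service account
SAMPLE = [
    entry("2020-02-01T10:00:00Z", APP, DB + "/versions/3"),
    entry("2020-02-01T10:05:00Z", "dev@example.com", DB + "/versions/3"),
    entry("2020-02-01T10:06:00Z", APP, DB, method="GetSecret"),  # metadata read, ignored
] + [entry("2020-02-01T11:00:%02dZ" % s, APP, DB + "/versions/2") for s in range(0, 50, 10)]
BASELINE = {DB: {APP}}  # assumed: principals expected to read each secret

def find_anomalies(entries, baseline, burst=3, window=timedelta(minutes=1)):
    """Return (kind, principal, secret, timestamp) tuples in time order."""
    findings, recent, flagged = [], defaultdict(deque), set()
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        p = e.get("protoPayload", {})
        if p.get("serviceName") != "secretmanager.googleapis.com" \
                or not p.get("methodName", "").endswith(ACCESS):
            continue
        who = p.get("authenticationInfo", {}).get("principalEmail", "<unknown>")
        secret = p.get("resourceName", "").split("/versions/")[0]
        ts = datetime.strptime(e["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        if who not in baseline.get(secret, set()):
            findings.append(("unexpected_principal", who, secret, e["timestamp"]))
        q = recent[(who, secret)]
        q.append(ts)
        while ts - q[0] > window:   # drop reads that fell out of the window
            q.popleft()
        if len(q) > burst and (who, secret) not in flagged:
            flagged.add((who, secret))  # report each principal/secret burst once
            findings.append(("access_burst", who, secret, e["timestamp"]))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE, BASELINE):
        print(finding)
```

Secret payload reads are recorded in Data Access audit logs, so those logs need to be enabled for the Secret Manager API before a check like this has anything to read.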
These are just a few of the main functions of Secret Manager. The platform also offers encryption guarantees, service controls, and high-level permission settings to support organizational security even further.