Google Cloud Secret Manager Cheat Sheet

• Secret Manager is a secure and convenient method to store API keys, passwords, certificates, and other sensitive data.
• It provides a central place as the source of truth to manage, access, and audit secrets across Google Cloud.

Features

• Secret names are project-global resources, but secret data is stored in regions.
• You can choose specific regions in which to store your secrets.
• Secret data is immutable and most operations take place on secret versions.
• Secret Manager integrates with IAM.

• Every interaction with Secret Manager generates an audit entry with Cloud Logging enabled to help you detect system anomalies.
• You can enable context-aware access to Secret Manager from hybrid environments using VPC Service Controls.
• Simplified life cycle management: First-class versioning allows you to pin requests to the latest version of a secret. Automate secret rotation using Cloud Functions.
• Least privilege access: Use Cloud IAM roles to grant individual permissions to secrets. Separate the ability to manage secrets from the ability to access their secret data.
• Replication policies: Choose specific regions to store your secret data, or let Google automatically handle replication. Secret names are global, but secret data stays in your chosen regions.
• First-class versioning: Secret data is immutable. Pin a secret to specific versions (e.g., “42”) or to floating aliases like “latest.”
• Free tier: A limited number of secret versions are available at no cost each month (the first six versions are free).
• Integration with Cloud Run and Cloud Functions: Securely provide secrets to serverless workloads at runtime.

Pricing

Secret Manager pricing is based on two main factors:

• Active secret versions: Each secret version in the ENABLED or DISABLED state incurs a monthly charge. Destroyed versions are free.
• Operations: Access operations (reading secret data) are charged per operation. Management operations (creating, updating, deleting secrets and versions) are free.
• Notifications: Rotation notifications sent to Pub/Sub topics incur a charge per message.

A free tier is available for a limited number of secret versions and access operations each month.

For current pricing details, refer to the official Google Cloud Secret Manager pricing page.

Google Cloud Secret Manager Cheat Sheet Reference:

https://cloud.google.com/secret-manager