- Secret Manager is a secure and convenient method to store API keys, passwords, certificates, and other sensitive data.
- It provides a central place as the source of truth to manage, access, and audit secrets across Google Cloud.
- Secret names are project-global resources, but secret data is stored in regions.
- You can choose specific regions in which to store your secrets.
- Secret data is immutable and most operations take place on secret versions.
- Secret Manager integrates with IAM.
- Every interaction with Secret Manager generates an audit entry with Cloud Logging enabled to help you detect system anomalies.
- You can enable context-aware access to Secret Manager from hybrid environments using VPC Service Controls.
- Secret Manager charges for operations and active secret versions.
- A version is considered active if it is in the ENABLED or DISABLED state.