Read as
Last updated: April 29, 2026
GCP’s native secrets store. Simpler than Vault; sufficient for most.
GCP’s native secrets store. Simpler than Vault; sufficient for most.
Features
- Versioned secrets (latest, specific version)
- IAM-scoped access
- Replication policies (auto / user-managed)
- Cloud KMS encryption
- Audit log per access
- Secret Manager Notifications for rotation triggers
Pattern
gcloud secrets create my-secret --replication-policy=automatic
gcloud secrets versions add my-secret --data-file=./secret.txt
# In application
from google.cloud import secretmanager
client = secretmanager.SecretManagerServiceClient()
name = "projects/PROJECT/secrets/my-secret/versions/latest"
secret = client.access_secret_version(name=name).payload.data.decode("UTF-8")🧠
Check your understanding
Module Quiz · 4 questions
Pass with 80%+ to mark this module complete. Unlimited retries. Each question shows an explanation.
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
Book team training call
Replies in 4 working hrs · India-only · Senior consultants