Google Cloud has announced a new tool to help its users to safely store their API keys, passwords, certificates and other data, which is called Secret Manager. Using this new tool, Google Cloud is able to offer its users a single tool to be able to manage data of this kind and is also a centralized source of truth. This is a kind of tool that many large organisations also don’t seem to often have.
“Many applications require credentials to connect to a database, API keys to invoke a service or certificates for authentication. Managing and securing access to these secrets is often complicated by secret sprawl, poor visibility, or lack of integrations,” Seth Vargo, Google developer advocate and product manager Matt Driscoll had written in an announcement.
Google had given an open-source command-line tool for managing secrets, using Berglas. Secret Manager and Berglas work together to offer users the ability to move their secrets from the open-source tool in secret Manager and also make use of Berglas to be able to create and access secrets from the cloud-based tool too.
Using KMS, Google gives a completely managed key management system (like Google Cloud’s rivals do as well). These two tools very much complement each other. Instead of storing secrets, KMS encryps the stored secrets somewhere else. Secret Manager offers an easy way to store and manage the secrets in Google Cloud.
Secret manager has the tools needed to be able to manage secret versions and audit logging, for example. Secrets in Secret Manager is also a project-based global resource, the company maintains, even while rival tools usually manage secrets on a regionla basis.
The new tool is in its beta stage and is available to all of Google Cloud’s customers.