- Home
- Secret Manager
Learn optimization tips from IT leaders from Uber, Air Asia, Deloitte, ADT and more at our free IT Heroes Summit. Watch now.
Store API keys, passwords, certificates, and other sensitive data. New customers get $300 in free credits to spend on Secret Manager. All customers get six secret versions for analyzing and storing sensitive data.
Try it free
Go to console
View documentation for this product.
Build more secure applications with Secret Manager
Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.
Least Privilege made easy
Easily follow the Principle of Least Privilege with Secret Manager's Cloud IAM roles. You can grant individual permissions to secrets and separate the ability to manage secrets from the ability to access their data.
Simplified life cycle management
Secret Manager enables simple life cycle management with first class versioning and the ability to pin requests to the latest version of a secret. You can use Cloud Functions to automate rotation.
Powerful auditing, built in
With Cloud Audit Logs integration, every interaction with Secret Manager generates an audit log. This integration makes meeting audit and compliance requirements easy.
Secret Manager features
Replication policies
Secret names are project-global resources, but secret data is stored in regions. You can choose specific regions in which to store your secrets, or you can let us decide. Either way, we automatically handle the replication of secret data.
First-class versioning
Secret data is immutable and most operations take place on secret versions. With Secret Manager, you can pin a secret to specific versions like "42" or floating aliases like "latest."
Cloud IAM integration
Control access to secrets the same way you control access to other Google Cloud resources. Only project owners have permission to access Secret Manager secrets; other roles must explicitly be granted permissions through Cloud IAM.
Audit logging
With Cloud Audit Logs enabled, every interaction with Secret Manager generates an audit entry. You can ingest these logs into anomaly detection systems to spot abnormal access patterns and alert on possible security breaches.
Encrypted by default
Data is encrypted in transit with TLS and at rest with AES-256-bit encryption keys.
VPC Service Controls support
Enable context-aware access to Secret Manager from hybrid environments with VPC Service Controls.
Powerful and extensible
Secret Manager's API-first design makes it easy to extend and integrate into existing systems. It is also integrated into popular third-party technologies like HashiCorp Terraform and GitHub Actions.
Resources
- Secret Manager quickstart View quickstart
- Creating and accessing secrets View documentation
- Managing secret versions View documentation
- SDK and client libraries View documentation
- Accessing the API View documentation
Pricing
When you use Secret Manager, you are charged for operations and active secret versions. A version is active if it is in the ENABLED or DISABLED state. View pricing details
Take the next step
Start building on Google Cloud with $300 in free credits and 20+ always free products.
Try it free
Need help getting started?
Contact sales
Work with a trusted partner
Find a partner
Continue browsing
See all products
Take the next step
Start your next project, explore interactive tutorials, and manage your account.
Go to console
Need help getting started?
Contact sales
Work with a trusted partner
Find a partner
Get tips & best practices
See tutorials
[{ "type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id": "incorrectInformationOrSampleCode", "label":"Incorrect information or sample code" },{ "type": "thumb-down", "id": "missingTheInformationSamplesINeed", "label":"Missing the information/samples I need" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }]