Google Secret Manager

Store and manage private data, including usernames, passwords, API keys, and certificates, with the aid of Google Secret Manager

A global resource called a secret holds a set of secret versions and metadata

Among the metadata are replication sites, labels, annotations, and permissions

Versions facilitate the management of emergency rollbacks and phased rollouts

All secrets are protected by default using AES 256-bit encryption keys while they are at rest and TLS while they are in transit

Customers who need more exact control over encrypting sensitive data can use customer-managed encryption keys (CMEK)

Using IAM roles and permissions, you can grant specific access to specific Google Secret Manager resources

Google Secret Manager is a fully-managed, scalable system for storing, managing, operating, auditing, and accessing secrets used across Google Cloud services, including GKE and Compute Engine