Google Secret Manager lets you store and manage private data, including usernames, passwords, API keys, and certificates
A global resource called a secret holds a set of secret versions and metadata
Among the metadata are replication sites, labels, annotations, and permissions
Versions facilitate the management of emergency rollbacks and phased rollouts
All secrets are protected by default: AES 256-bit encryption keys protect them at rest, and TLS protects them in transit
Customers who need finer control over how sensitive data is encrypted can use customer-managed encryption keys (CMEK)
Using IAM roles and permissions, you can grant specific access to specific Google Secret Manager resources
Google Secret Manager is a fully-managed, scalable system for storing, managing, operating, auditing, and accessing secrets used across Google Cloud services, including GKE and Compute Engine
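
To illustrate the point about IAM roles on specific secrets, here is an added example (not from the original page or from Google) that audits the IAM policy of a single secret for members who can read its payload but should not. It assumes the policy was exported as JSON; the sample policy, project name, and allow-list are constructed for illustration, and `audit_secret_policy` is a hypothetical helper name.

```python
import json

# Predefined roles that include permission to read secret payloads.
PAYLOAD_ROLES = {
    "roles/secretmanager.secretAccessor",
    "roles/secretmanager.admin",
    "roles/owner",
}
# IAM member identifiers that match anyone on the internet / any Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def audit_secret_policy(policy, allowed_members):
    """Return (role, member, reason) for each risky payload-access grant."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in PAYLOAD_ROLES:
            continue  # metadata-only roles such as viewer are not flagged here
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((role, member, "public"))
            elif member.startswith("domain:"):
                findings.append((role, member, "broad"))
            elif member not in allowed_members:
                findings.append((role, member, "unexpected"))
    return findings

# Constructed sample policy in the standard IAM policy JSON shape.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/secretmanager.secretAccessor",
     "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com",
                 "allAuthenticatedUsers"]},
    {"role": "roles/secretmanager.admin",
     "members": ["user:alice@example.com", "domain:example.com"]},
    {"role": "roles/secretmanager.viewer",
     "members": ["group:auditors@example.com"]}
  ],
  "version": 1
}
""")
# Constructed allow-list: the only identities expected to read this secret.
ALLOWED = {"serviceAccount:app@example-project.iam.gserviceaccount.com",
           "user:alice@example.com"}

if __name__ == "__main__":
    for role, member, reason in audit_secret_policy(SAMPLE_POLICY, ALLOWED):
        print(f"{reason:10} {member} has {role}")
```
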