Google Cloud has announced a new tool designed to help users securely store their API keys, passwords, certificates and other data called Secret Manager.
Secret Manager provides the company’s customers with a single tool to manage their data as well as a centralized source of truth.
In a blog post announcing the new tool, Google developer advocate Seth Vargo and product manager Matt Driscoll provided further insight on the kinds of problems Secret Manager will help solve, saying:
“Many applications require credentials to connect to a database, API keys to invoke a service, or certificates for authentication. Managing and securing access to these secrets is often complicated by secret sprawl, poor visibility, or lack of integrations.”
Google already provides an open-source command-line tool for managing secrets called Berglas. With the launch of Secret Manager, both tools will work together and users will even be able to move their secrets from the open-source tool to Secret Manager. Berglas can also be used to create and access secrets from Secret Manager.
Google’s Key Management Service (KMS) provides users with a fully managed system to handle their keys. However, KMS does not actually store the secrets but instead encrypts the secrets you store elsewhere. Secret Manager on the other hand, provides users with a way to easily store and manage these secrets in Google Cloud.
Secret Manager includes the tools needed to manage secret versions and audit logging. The secrets stored in the tool are also project-based global resources which sets it apart from competing tools which often manage secrets on a regional basis.
Google Cloud customers can begin using Secret Manager today as the new tool is currently in beta and available to all.