0

I am looking for a safe method of storing an api-key, that is being used inside a Google cloud function.

Process: I am using Monday.com to create a webhook, to call the Google cloud functions Entry Point. From here, i am using access tokens created using the Intuit SDK, allowing me to access Quickbooks using their API. However, these access tokens expire, so part of my application refresh's them daily. I would like a way to safely store this access token,and update it every time it changes. I will need the "google cloud function" to be able to access this updated key at any moment.

Any tips would be much appreciated. Thankyou!

drew wood
  • 195
  • 1
  • 5
  • Google Secret Manager is designed to store secrets. You can also use Cloud Storage, KMS, Vault, etc. Review the available services to see which one fits your secret management strategy. Suggestion: I often use Cloud Storage or Secret Manager. Both provide secure access that Functions can easily access. – John Hanley Aug 28 '23 at 16:05

1 Answers1

2

Posting this as community wiki for other's sake:

As for @John Hanley said:

Google Secret Manager is designed to store secrets. You can also use Cloud Storage, KMS, Vault, etc. Review the available services to see which one fits your secret management strategy. Suggestion: I often use Cloud Storage or Secret Manager. Both provide secure access that Functions can easily access.

Additional reference:

DominicT
  • 388
  • 1
  • 9