Questions tagged [google-secret-manager]

Secret Manager provides a secure and convenient tool for storing API keys, passwords, certificates, and other sensitive data on Google Cloud Platform.

Secret Manager is a Google Cloud product that provides a secure and convenient way to store and access API keys, passwords, certificates, and other sensitive data.

312 questions
0
votes
1 answer

How to give permission to applications running on GCP cloud run to access gcp services

I am developing a Node.js application that accesses secrets from GCP Secret Manager. I ran it locally by directing credentials using the GOOGLE_APPLICATION_CREDENTIALS variable. Then I tried deploying this service to Google Cloud Run, now it throws…
0
votes
1 answer

Store .jks file in google secret manager without getting non UTF-8 file?

Thank you for all the replies, I am still facing the issue, just to add more clarity I've given all the details of cloudbuild.yaml and build.gradle and key property details, please let me know if the configuration is correct and let me know how to…
0
votes
1 answer

NodeJS GC function cannot be initialized

Trying out my first NodeJS cloud function, so far unsuccessfully, despite it working fine in VS Code. Getting the following error: Function cannot be initialized. Error: function terminated. Looking through the logs I see some potential issues Detailed stack…
0
votes
2 answers

Google Cloud Secrets Manager denies access to App Engine application but works with Google Cloud Function

I'm trying to connect to get a secret from google's secrets manager, and the same code works for Cloud Functions, but not for App Engine. const { SecretManagerServiceClient } = require('@google-cloud/secret-manager'); const…
0
votes
0 answers

Using Secrets Manager to authenticate for Google API

I'm running a flask app that will access Bigquery on behalf of users using a service account they upload. To store those service account credentials, I thought the following might be a good set up: ENV Var: Stores my credentials for accessing google…
0
votes
2 answers

GCP service account key rotation through secret manager

I have a service account in GCP and I hold its key in a Secret Manager. Is there a way to set a scheduled secret rotation for that secret holding service account key, so the Pub/Sub would be a GCP one, and not managed by me? Does GCP provide such a…
0
votes
2 answers

Using secret manager on micronaut and default values

I'm using GCP Secret Manager to store sensitive information; for example, to know the password of the database I use ${sm.database.password}. I'd like to know whether there is a way to have an alternative value from an env variable as well as default…
jics
0
votes
1 answer

Google Cloud Secrets - Reusing a secret

I am using Google Cloud Secrets in a NodeJS Project. I am moving away from using preset environment variables and trying to find out the best practice to store and reuse secrets. The 3 main routes I've found to use secrets are: Fetching all secrets…
0
votes
1 answer

Cloud Run deploy via YAML fails with "Permission denied on secret"

When deploying my Cloud Run service from the command line using a YAML file containing environment variables as secrets (gcloud.run.services.replace), the deployment fails at the "Routing traffic" stage and emits this error. Deployment failed …
Luke Puplett
0
votes
2 answers

Google Secrets: allow user to manage secrets it creates, without being an Admin

Is it possible to assign a role on Google Secrets to allow a user to create their own secrets, view them, and share them (without being a Secrets Admin)? Aiming to avoid granting the Secrets Admin role, I'm only able to allow a user to create…
Tomas Romero
0
votes
0 answers

Using asynchronous credentials with pg-Promise

I am trying to improve application security by loading pg-promise with database information retrieved from Google Secret Manager API. Currently pg-promise is loaded as such in my Express server: const pgp: IMain = pgpromise(initOptions); const db:…
0
votes
1 answer

How would you access Google Secret Manager from an external environment?

I have googled quite heavily the last couple of hours to see if I could use Google Secret Manager from an external service like AWS Lambda or my local PC. I could not find anything helpful, or something that describes properly the steps to do so. I…
CoodleNoodle
0
votes
1 answer

How to keep secrets hidden from gcloud project administrator?

I am a DevOps engineer and project admin in a Google Cloud project. The organization has some super sensitive keys that should be accessed by containers running in Kubernetes or Cloud Run, but they should not be accessible by me. So far I see Secrets…
0
votes
1 answer

terraform create k8s secret from gcp secret

I have managed to achieve the flow of creating sensitive resources in terraform, without revealing what the sensitive details are at any point and therefore won't be stored in plain text in our github repo. I have done this by letting TF create a…
0
votes
2 answers

Google cloudbuild secrets not substituted

I am trying to retrieve secrets from the secrets manager in the cloudbuild.yaml file but I can't find a way. - name: 'gcr.io/cloud-builders/gcloud' args: - beta - run - deploy - ${REPO_NAME} - --region=europe-west2 …