Google Cloud wants to keep users’ secrets…at a charge

Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

Source:-devclass.com

Devs using Google Cloud who feel like it could really do with some better secret management can now head over to their accounts and take the currently in beta Secret Manager service for a spin.
Up until now, GC customers could always resort to command line tool Berglas to store and retrieve confidential data such as API keys and credentials. Secret Manager however is more of an integrated service, more along the lines of what Google’s competitors offer as part of their platforms, like AWS Secrets Manager or Azure Key Vault. Berglas friends can breathe easy, though, since the open source helper apparently isn’t meant to go anywhere soon and using both tools in combination is an option.
However, the last Berglas version also contained a migrate command for those looking to move their secrets to the new service. Secret Manager has an API and client libraries for secret creation, with Cloud SDK being an alternative. For data encryption TLS (in transit) and AES-256-bit encryption keys (at rest) is used.
Secret Manager comes with features such as global names and replications, audit logging and first class versioning, some of which stem from initial feedback on the service. The fact that secret names are global within a project for example is meant to help with regionalisation issues. Since compliance guidelines might call for secret data to be stored in special regions though, replication policies let customers decide whether Google should automatically choose where to replicate secrets to or provide a list of allowed regions themselves.
Advertisement
Out of the box access to secrets is only granted to project owners. Other roles must be granted permission first and there’s audit logging in place which can be used to find slightly off access patterns which could hint on security breaches. Secret Manager also versions secret data with secret versions, making operations replicable, and offers ways of pinning specific versions as well as an alias for the most recent version of a secret.
Although Secret Manager is still in beta with limited support, it isn’t free to use. Currently users will be charged $0.03 per 10,000 operations and $0.06 per active secret version per regional replica per month. More information can be found in the products docs.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x