With Cloud Code's Secret Manager integration, you can create, view, update, and use secrets within your IDE, without keeping them in your codebase.
This page describes how to access Secret Manager within your IDE and how you can get started creating and managing secrets.
Enabling Secret Manager
When managing secrets with Cloud Code, secrets are securely stored in Secret Manager and can be programmatically fetched when you need them. All you need is the Secret Manager API enabled and the right permissions to manage secrets:
To launch Secret Manager, click on the Secret Manager tab in the right Cloud Code sidebar.
If you haven't enabled the Secret Manager API, Cloud Code prompts you to enable it within the Secret Manager panel by clicking 'Enable API'.
Your secret also needs to be in the same project as your application code; ensure you have the right project selected or switch using the project selector in the Secret Manager panel.
Creating and viewing secrets
You can create a secret with one of the following methods:
Using the Secret Manager panel
Navigate to the Secret Manager panel.
Click the 'Add' icon.
This launches a Create Secret dialog where you can set your secret's project, name, and value, as well as choose a region to store your secret and labels to organize your secrets.
Using the editor
- Open a file containing text you would like to store as a secret in the editor.
- Highlight and right-click this text.
- From the menu, select the Create Secret in Secret Manager... menu item. This opens the Create Secret dialog with the secret value filled in with the highlighted text. You can customize the secret's project, name, value, region, and labels here.
Using the project explorer
- In the project explorer, without highlighting any text, right-click.
- From the menu, select the Create Secret in Secret Manager... menu item. This opens the Create Secret dialog. Choose your secret's project, name, value, region, and labels here, and click 'OK' when done.
Creating new versions of secrets
If you have an existing secret and would like to update it, you can do so by navigating to the 'Versions' tab of the Secret Manager panel:
Click the 'Add' icon within the 'Versions' tab.
This launches an Add new version dialog where you can set the value of your existing secret either using the Secret value field or by importing a file.
If you'd prefer to remove all previous versions of your secret and keep just the new version being created, choose 'Disable all past versions'.
Once you click 'OK' and your version is added, you can see your latest secret version, and if applicable, all the versions of your secret listed under the 'Versions' tab.
To view secrets, within the Secret Manager panel, select a secret from the list displayed in the Secret Name section. Its details such as name, replication policy, creation timestamp, and resource ID are listed in the 'Overview' tab.
You can also right-click the secret and choose 'Open in Cloud Code' to view and manage the secret in your browser.
Accessing secrets from your application
Once your secret is created, you can include it in your code and set up authentication.
To access your newly created secret from your application, follow these steps:
Install the Secret Manager client library.
Navigate to Tools > Cloud Code > Add Cloud Libraries and Manage Cloud APIs and select Secret Manager > Secret Manager API from the Google Cloud APIs explorer tree. Follow the language-specific instructions laid out in the Install Client Library section.
Customize and include the relevant code snippet in your application's code.
If you're using a service account, you also need to assign your Google service account the role required to access your particular Secret Manager secret. For more on IAM roles available for Secret Manager, refer to the Secret Manager access control guide.
Follow the instructions detailed in the Setting up authentication section of the Client libraries guide to complete your authentication setup.
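The following is an added example, not a snippet from Cloud Code or the client library documentation, showing what the customized access code from the steps above can look like in Python: it fetches one secret version, verifies the payload checksum, and keeps the value out of logs. Python, the project and secret names, and the `FakeClient` stand-in (which lets the example run offline) are assumptions made for illustration.

```python
from types import SimpleNamespace


def crc32c(data: bytes) -> int:
    """Bitwise CRC32C (Castagnoli), the checksum Secret Manager returns with a payload."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def access_secret(project_id, secret_id, version="latest", client=None) -> bytes:
    """Fetch one secret version and verify its checksum before returning the bytes."""
    if client is None:
        # Real path: needs the google-cloud-secret-manager package and the
        # authentication setup from the last step of the procedure.
        from google.cloud import secretmanager
        client = secretmanager.SecretManagerServiceClient()
    # Pin a version number in production; "latest" follows every newly added version.
    name = f"projects/{project_id}/secrets/{secret_id}/versions/{version}"
    payload = client.access_secret_version(request={"name": name}).payload
    if crc32c(payload.data) != payload.data_crc32c:
        raise ValueError(f"checksum mismatch for {name}")  # name only, never the value
    return payload.data


class FakeClient:
    """Hypothetical offline stand-in for SecretManagerServiceClient (constructed data)."""

    def __init__(self, store):
        self.store = store

    def access_secret_version(self, request):
        data = self.store[request["name"]]
        payload = SimpleNamespace(data=data, data_crc32c=crc32c(data))
        return SimpleNamespace(payload=payload)


if __name__ == "__main__":
    fake = FakeClient({"projects/demo-project/secrets/db-password/versions/1": b"constructed-value"})
    value = access_secret("demo-project", "db-password", "1", client=fake)
    print(f"fetched {len(value)} bytes")  # log the length, not the secret
```

Calling `access_secret` without the `client` argument uses the real client library and the credentials configured in the authentication step.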