Secret Manager lets you avoid storing secrets in your codebase. Instead, you store them in Secret Manager and fetch them programmatically when you need them. With Cloud Code's Secret Manager integration, you can easily create, view, update, and use secrets.
This page describes how to access Secret Manager in your IDE and how you can get started creating and managing secrets.
Enabling Secret Manager
Your secret needs to be in the same project as your application code and Secret Manager API needs to be enabled for your project.
To launch Secret Manager, click the Secret Manager tab in the right Cloud Code sidebar or go to Tools > Cloud Code > Secret Manager.
If you haven't enabled the Secret Manager API, enable it when Cloud Code prompts you by clicking Enable API.
Creating and viewing secrets
Creating secrets
You can create a secret using one of the following methods:
Using the Secret Manager pane
Navigate to the Secret Manager pane.
Click + Add.
In the Create Secret dialog, configure your secret and then click OK.
Using the editor
- Open a file containing text you would like to store as a secret in the editor.
- Highlight the text to store as a secret, right-click the text, and then click Create Secret in Secret Manager.
- In the Create Secret dialog, configure your secret and then click OK.
Using the project explorer
In the project explorer, without highlighting any text, right-click and then click Create Secret in Secret Manager.
In the Create Secret dialog, configure your secret and then click OK.
Creating new versions of secrets
To update an existing secret, create a new version of the secret:
In the Secret Manager pane, right-click a secret and then click New Version.
In the Add new version dialog, set the value of your existing secret by using the Secret value field or by importing a file.
To remove all previous versions of your secret and keep just the new version you're creating, choose Disable all past versions.
Click OK. Your version is added, you can see your latest secret version, and if applicable, all the versions of your secret listed on the Versions tab.
Viewing secrets
To view secrets, in the Secret Manager pane, select a secret from the list displayed in the Secret Name section. Its details such as name, replication policy, creation timestamp, and resource ID are listed in the Overview tab.
To view and manage a secret in your browser, right-click the secret and then choose Open in Cloud console.
Accessing secrets from your application
After your secret is created, you can include it in your code and set up authentication.
To access your newly created secret from your application, follow these steps:
- In the Secret Manager pane, click the name of the secret you want to access in code and then click the Code tab.
- Click Install the Secret Manager client library.
- On the Secret Manager API page, set the Google Cloud project and enable the Secret Manager API if you haven't already.
- Follow the instructions under Install Client Library for the language you're using.
- Customize and include the relevant code snippet in your application's code.
- If you're using a service account, assign your Google service account the role required to access your Secret Manager secret. For information about IAM roles available for Secret Manager, see the Secret Manager access control guide.
- To complete your authentication setup, follow the instructions in Setting up authentication.