With Cloud Code's Secret Manager integration, you can create, view, update, and use secrets within your IDE and without having them in your codebase.
This page describes how to access Secret Manager within your IDE and how you can get started creating and managing secrets.
Enabling Secret Manager
When managing secrets with Cloud Code, secrets are securely stored in Secret Manager and can be programmatically fetched when you need them. All you need is the Secret Manager API enabled and the right permissions to manage secrets:
To launch Secret Manager, click on the Secret Manager tab in the right Cloud Code sidebar.
If you haven't enabled the Secret Manager API, Cloud Code prompts you to enable it within the Secret Manager panel by clicking Enable API.
Your secret also needs to be in the same project as your application code; ensure you have the right project selected or switch using the project selector in the Secret Manager panel.
Creating and viewing secrets
You can create a secret with one of the following methods:
Using the Secret Manager panel
Navigate to the Secret Manager panel.
Click the Add icon.
This launches a Create Secret dialog where you can set your secret's project, name, and value, as well as choose a region to store your secret and labels to organize your secrets.
Using the editor
- Open a file containing text you would like to store as a secret in the editor.
Highlight and right-click this text.
From the menu, select the
Create Secret in Secret Manager...menu item. This opens the Create Secret dialog with the secret value filled in with the highlighted text. You can customize the secret's project, name, value, region, and labels here.
Using the project explorer
- In the project explorer, without highlighting any text, right-click.
- From the menu, select the
Create Secret in Secret Manager...menu item. This opens the Create Secret dialog. Choose your secret's project, name, value, region, and labels here, and click OK when done.
Creating new versions of secrets
If you have an existing secret and would like to update it, you can do so by navigating to the Versions tab of the Secret Manager panel:
Click the Add icon within the Versions tab.
This launches a Add new version dialog where you can set the value of your existing secret either using the Secret value field or by importing a file.
If you'd prefer to remove all previous versions of your secret and keep just the new version being created, choose Disable all past versions.
Once you click OK and your version is added, you can see your latest secret version, and if applicable, all the versions of your secret listed under the Versions tab.
To view secrets, within the Secret Manager panel, select a secret from the list displayed in the Secret Name section. Its details such as name, replication policy, creation timestamp, and resource ID are listed in the Overview tab.
You can also right-click the secret and choose Open in Cloud Console to view and manage the secret in your browser.
Viewing secret versions
To view versions of a secret, select a secret from the list displayed in the Secret Name section and select the Versions tab.
Right-click the secret version you'd like to take action on and choose from the available options; viewing the secret value, copying the version ID, enabling or disabling the version, and destroying the selected version.
Accessing secrets from your application
Once your secret is created, you can include it in your code and set up authentication.
To access your newly created secret from your application, follow these steps:
Install the Secret Manager client library.
Navigate to Tools > Cloud Code > Add Cloud Libraries and Manage Cloud APIs and select Secret Manager > Secret Manager API from the Google Cloud APIs explorer tree. Follow the language-specific instructions laid out in the Install Client Library section.
Customize and include the relevant code snippet in your application's code.
Finally, to complete your authentication setup, you need to follow the Client libraries authentication guide:
- Local development: If you're developing on a local cluster (like minikube, Docker Desktop) or a local emulator, you should complete the steps illustrated in the Local development section relevant to your workflow.
- Remote development: If you're using a GKE cluster or a Cloud Run service in your application, you should complete the steps illustrated in the Remote development section relevant to your workflow, including the Secret Manager-specific instructions for setting up the required roles on your service account.