This topic explains the main Secret Manager concepts.
A secret is a project-global object that contains a collection of metadata and secret versions. The metadata can include replication locations, labels, and permissions. The secret versions store the actual secret data, such as an API key or credential.
A secret version stores the actual secret data, such as API keys, passwords, or certificates.
You can address individual versions of a secret. You cannot modify a version, but you can delete it.
Rotation is the process of periodically updating a secret to a different version to reinforce security.
By storing many versions of a secret and rotating as needed, you can better maintain consistent and secure access to any system that requires those credentials.
A secret is often rotated when a new version is created. You might also want to rotate secrets regularly to limit the secret's lifecycle.
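The following is an added example, not part of the original page or any Google code: a rotation audit that flags secrets whose newest enabled version is older than a threshold, and older versions that are still enabled. The records are constructed samples using the SecretVersion fields `name`, `createTime` and `state`; the project and secret names, the function name `audit_rotation`, and the 90-day threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample metadata (names and dates are made up), using the
# SecretVersion fields name, createTime and state.
PREFIX = "projects/example-project/secrets/"
SAMPLE_VERSIONS = [
    {"name": PREFIX + "db-password/versions/1", "createTime": "2024-01-10T09:00:00Z", "state": "ENABLED"},
    {"name": PREFIX + "db-password/versions/2", "createTime": "2024-05-20T09:00:00Z", "state": "ENABLED"},
    {"name": PREFIX + "api-key/versions/1", "createTime": "2023-11-01T12:00:00Z", "state": "DESTROYED"},
    {"name": PREFIX + "api-key/versions/2", "createTime": "2024-01-15T12:00:00.123456Z", "state": "ENABLED"},
]

def parse_time(value):
    # Assumes RFC 3339 UTC timestamps ending in "Z"; fractional seconds are dropped.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_rotation(versions, now, max_age=timedelta(days=90)):
    """Map each secret to findings about overdue rotation and old enabled versions."""
    by_secret = {}
    for v in versions:
        # name has the form projects/<project>/secrets/<secret>/versions/<n>
        parts = v["name"].split("/")
        record = (int(parts[5]), parse_time(v["createTime"]), v["state"])
        by_secret.setdefault(parts[3], []).append(record)
    report = {}
    for secret, records in by_secret.items():
        enabled = sorted(r for r in records if r[2] == "ENABLED")
        if not enabled:
            report[secret] = [("no_enabled_version",)]
            continue
        newest_number, newest_time, _ = enabled[-1]
        findings = []
        age = now - newest_time
        if age > max_age:
            # No newer version has been added within max_age: rotation is overdue.
            findings.append(("rotation_overdue", newest_number, age.days))
        # Versions are immutable, so a superseded value stays readable until it
        # is disabled or deleted; list those versions for review.
        findings += [("superseded_still_enabled", r[0]) for r in enabled[:-1]]
        if findings:
            report[secret] = findings
    return report

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for secret, findings in audit_rotation(SAMPLE_VERSIONS, now).items():
        print(secret, findings)
```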