Secret Manager conceptual overview

This topic explains the main Secret Manager concepts.


A secret is a project-global object that contains a collection of metadata and secret versions. The metadata can include replication locations, labels, and permissions. The secret versions store the actual secret data, such as an API key or credential.


A secret version stores the actual secret data, such as API keys, passwords, or certificates.

You can address individual versions of a secret. You cannot modify a version, but you can delete it.


Rotation is the process of periodically updating to a different version of a secret to reinforce security.

By storing many versions of a secret and rotating as needed, you can better maintain consistent and secure access to any system that requires those credentials.

A secret is often rotated when a new version is created. You might also want to rotate secrets regularly to limit the secret's lifecycle.
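
The following is an added example, not code from the original page or from the Secret Manager project. It audits the version metadata of one secret to report which version is current, whether rotation is due, and which older versions are still readable. The `projects/.../secrets/.../versions/N` name format and the `ENABLED` and `DESTROYED` state names are assumed from the Secret Manager API; the 90-day `max_age` policy, the function names, and the sample data are hypothetical.

```python
from datetime import datetime, timedelta, timezone
import re

# Assumed resource-name shape for a secret version.
_NAME = re.compile(r"^projects/([^/]+)/secrets/([^/]+)/versions/(\d+)$")

def parse_version_name(name):
    """Split a version resource name into (project, secret, version number)."""
    m = _NAME.match(name)
    if not m:
        raise ValueError(f"not a secret version name: {name!r}")
    return m.group(1), m.group(2), int(m.group(3))

def rotation_report(versions, now, max_age=timedelta(days=90)):
    """Audit one secret's versions.

    versions: iterable of dicts with 'name', 'state', 'create_time' (aware datetime).
    max_age is a hypothetical policy value, not a Secret Manager default.
    """
    enabled = sorted(
        (v for v in versions if v["state"] == "ENABLED"),
        key=lambda v: parse_version_name(v["name"])[2],
    )
    if not enabled:
        # Nothing readable is left, so a new version is needed.
        return {"current": None, "rotation_due": True, "stale": []}
    current = enabled[-1]
    return {
        "current": parse_version_name(current["name"])[2],
        "rotation_due": now - current["create_time"] > max_age,
        # Older versions that are still readable after rotation.
        "stale": [parse_version_name(v["name"])[2] for v in enabled[:-1]],
    }

# Constructed sample metadata (project and secret names are placeholders).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "projects/example-project/secrets/db-password/versions/1",
     "state": "DESTROYED", "create_time": NOW - timedelta(days=400)},
    {"name": "projects/example-project/secrets/db-password/versions/2",
     "state": "ENABLED", "create_time": NOW - timedelta(days=200)},
    {"name": "projects/example-project/secrets/db-password/versions/3",
     "state": "ENABLED", "create_time": NOW - timedelta(days=120)},
]

if __name__ == "__main__":
    print(rotation_report(SAMPLE, NOW))
```

Because versions cannot be modified, the report only ever recommends adding a new version or removing an old one.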

