Configuring Secret Manager

This topic describes how to configure your Google Cloud project to use Secret Manager for the first time. These steps are prerequisites for most tasks in Secret Manager, including the quickstart.

When you are becoming familiar with Secret Manager, we recommend using a separate Google Cloud project. Deleting the project also deletes all resources created during testing, including billable resources.

If you are developing an application in an IDE with Cloud Code installed, Secret Manager is integrated into the extension. This means that you can create, view, update, and use secrets without leaving your IDE. For more on using Secret Manager with Cloud Code, refer to the secret management guide for your preferred IDE: VS Code, IntelliJ, or Cloud Shell Editor.

Enable the Secret Manager API and Cloud SDK

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.


  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Enable the required API.


  5. Install and initialize the Cloud SDK.

Assign IAM roles

Before a user can create, manage, list, or access a secret, that user must have the appropriate IAM permissions. You can grant one or more pre-defined roles or create and grant custom roles. For example, a member with the Secret Manager Secret Accessor role (roles/secretmanager.secretAccessor) can access (but not modify) the value of a secret version, including the actual secret data.

For more information, including a list of pre-defined roles for Secret Manager, see Managing access to secrets.

To add a role:

  1. Go to the IAM page in the Cloud Console.


  2. Click the Project selector drop-down list at the top of the page.

  3. On the Select from dialog that appears, select the organization for which you want to enable Secret Manager.

  4. On the IAM page, next to your username, click Edit.

  5. On the Edit permissions panel that appears, add the necessary roles.

    1. Click Add another role. Select a role to add, such as Secret Manager Secret Accessor.

    2. To add more roles, repeat the previous step. Click Save.
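After roles are granted, it is worth checking who ends up able to read secret data. The following is an added example, not part of the original page or of Google's code: it audits a project-level IAM policy for holders of roles/secretmanager.secretAccessor. It assumes the policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`; the sample policy, the function name, and the severity labels are constructed for illustration.

```python
import json

# Role the page names as able to read secret data; extend as needed.
PAYLOAD_ROLES = {"roles/secretmanager.secretAccessor"}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}
BROAD_PREFIXES = ("group:", "domain:")

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"version": 3, "bindings": [
  {"role": "roles/secretmanager.secretAccessor",
   "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com",
               "group:all-staff@example.com"]},
  {"role": "roles/secretmanager.secretAccessor",
   "members": ["user:alice@example.com"],
   "condition": {"title": "only-db-secrets",
     "expression": "resource.name.startsWith('projects/123/secrets/db-')"}},
  {"role": "roles/secretmanager.viewer", "members": ["user:bob@example.com"]}
]}
""")


def audit_payload_readers(policy, roles=PAYLOAD_ROLES):
    """Return sorted (member, role, severity) for principals holding a payload role."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in roles:
            continue  # e.g. viewer: metadata only, not secret data
        conditional = "condition" in binding
        for member in binding.get("members", []):
            if member in PUBLIC:
                severity = "critical"      # public principal
            elif member.startswith(BROAD_PREFIXES):
                severity = "review"        # membership changes outside this policy
            elif conditional:
                severity = "scoped"        # limited by an IAM condition
            else:
                severity = "project-wide"  # inherited by every secret in the project
            findings.append((member, role, severity))
    return sorted(findings)


if __name__ == "__main__":
    for member, role, severity in audit_payload_readers(SAMPLE_POLICY):
        print(f"{severity:12} {role}  {member}")
```

A "project-wide" result means the grant covers every secret in the project; granting the role on an individual secret instead keeps access closer to least privilege.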

What's next?