This topic provides resources for using Secret Manager with other Google Cloud services.
Cloud Build
Access Secret Manager secrets using environment variables in build steps on Cloud Build. See using Secret Manager secrets with Cloud Build for more information.
Cloud Code
Create, view, update, and use secrets within VS Code, IntelliJ, or Cloud Shell with Cloud Code's Secret Manager integration.
Cloud Run functions
Access Secret Manager secrets and expose them as environment variables or using the file system from Cloud Run functions. See using Secret Manager secrets with Cloud Run functions for more information.
You can also use Secret Manager with Cloud Run functions by using a Secret Manager client library or by accessing the Secret Manager API directly.
Cloud Run
Access Secret Manager secrets and expose them as environment variables or using the file system from Cloud Run services. See using Secret Manager secrets with Cloud Run for more information.
You can also use Secret Manager with Cloud Run services by using a Secret Manager client library or by accessing the Secret Manager API directly.
Compute Engine
Use Secret Manager with workloads running on Compute Engine by using a Secret Manager client library or by accessing the Secret Manager API directly.
Google Kubernetes Engine
Use Secret Manager with workloads running on Google Kubernetes Engine (GKE) using one of the following options:
Client libraries: The recommended way to access Secret Manager secrets from workloads running on Google Kubernetes Engine is to use a Secret Manager client library authenticated using Workload Identity Federation for GKE. For more information, see Secret Manager best practices.
Secret Manager add-on: You can use the Secret Manager add-on to access Secret Manager secrets as volumes mounted in Kubernetes Pods. For information, see Use Secret Manager add-on with Google Kubernetes Engine.
Config Connector
Create and manage Secret Manager secrets with Config Connector using a declarative syntax. See the Secret Manager Config Connector resource documentation for more information.
Key Access Justifications
In Secret Manager, you can use Cloud External Key Manager (Cloud EKM) keys to encrypt and decrypt secrets. Key Access Justifications works by adding an additional field to the Cloud EKM requests that lets you view the reason for every request to access the externally managed keys. It lets you approve or deny the access request based on that justification. With select external key management partners, you can automatically approve or deny these requests, based on the justification. See the Key Access Justifications documentation for more information.