This page provides an overview of data residency and achieving compliance with data residency regulations using regional secrets.
Overview of data residency
Data residency is the concept of keeping data within specific geographical boundaries due to legal, regulatory, or organizational requirements. Data residency isn't just a preference for some businesses; it's a legal and operational necessity. Data residency is essential to comply with regulations like GDPR, HIPAA, or PIPEDA, and to mitigate the risk of fines or legal action.
To learn more about data residency in Google Cloud, see the following Identity and Security blog post: Understanding your options for data residency, operational transparency, and privacy controls on Google Cloud.
Enforce data residency using regional secrets
In Secret Manager, you can enforce data residency by choosing the regional service and creating regional secrets that ensure that your sensitive data is stored and processed within a specific location. With regional secrets, your secret data remains within the chosen location at all times, whether it's at rest, in use, or in transit.
Regional secrets work in the following manner:
- When you create a regional secret, you specify the location where you want it to be stored. The Secret Manager service ensures that the secret data stays within that location's infrastructure.
- Regional secrets can only be accessed by applications or services running within the same location. This adds an extra layer of security by limiting access to authorized entities within the designated region.
- Unlike global secrets, which are often replicated across multiple locations for high availability, regional secrets are not automatically replicated. This ensures strict data residency.