Create and control access to secrets
Improve security with secrets management and principles of least privilege. Plus, you can encrypt, secure, and manage secrets on Google Cloud with the tools you already know.
Why GCP for secrets management
Protect your data with out-of-the-box encryption
Data on Google Cloud Platform is always encrypted at rest. You also have the option of choosing between Google-managed encryption keys, customer-managed encryption keys (CMEK), and customer-supplied encryption keys (CSEK) for many products.
Leverage the tools you already use
In addition to Cloud Key Management Service (Cloud KMS) and Cloud HSM, Google has a team of engineers dedicated to ensuring that third-party open-source security tools include GCP support. And with well-supported community tooling on GCP, DevOps or DevSecOps are easier to adopt.
Collaborate and share
Use Cloud Identity and Access Management (Cloud IAM) to share access to encryption keys, secrets, and more. Enable collaboration while practicing principles of least privilege. And leverage third-party tools to provision time-based access to GCP services like Cloud SQL, compute for contractors, or data pipelines.
Turn Google Cloud into your control plane for secrets management and maintain access from other public and private clouds. Plus, share secrets across clouds and quickly revoke access if needed.
Build with built-in best practices
Our teams of security experts codify security best practices and recommendations, so you can spend less time deciding on cipher suites and more time building your applications and services.
Secrets management on Google Cloud
Use Google-hosted and managed keys to encrypt, decrypt, and sign data.
Protect your cryptographic keys in a fully managed cloud-hosted hardware security module service.
Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing.
See documentation, security solutions, and blogs related to secrets management on Google Cloud.
Secret management with Cloud KMS
Using encrypted resources
Understand, create, and use a secret
Getting started with Cloud KMS
Using Vault for secret management
How to dynamically generate GCP IAM credentials with a new HashiCorp Vault secrets engine
Trust and security
Learn and build
New to GCP? Get started with any GCP product for free with a $300 credit.
Need more help?
Our experts will help you build the right solution or find the right partner for your needs.