Secrets management

Encrypt, store, manage, and audit infrastructure and application-level secrets.

Create and control access to secrets

Improve security with secrets management and principles of least privilege. Plus, you can encrypt, secure, and manage secrets on Google Cloud with the tools you already know.

Why GCP for secrets management

Protect your data with out-of-the-box encryption

Data on Google Cloud Platform is always encrypted at rest. You also have the option of choosing between Google-managed encryption keys, customer-managed encryption keys (CMEK), and customer-supplied encryption keys (CSEK) for many products.

Leverage the tools you already use

In addition to Cloud Key Management Service (Cloud KMS) and Cloud HSM, Google has a team of engineers dedicated to ensuring that third-party open-source security tools include GCP support. And with well-supported community tooling on GCP, DevOps or DevSecOps are easier to adopt.

Collaborate and share

Use Cloud Identity and Access Management (Cloud IAM) to share access to encryption keys, secrets, and more. Enable collaboration while practicing principles of least privilege. And leverage third-party tools to provision time-based access to GCP services like Cloud SQL, compute for contractors, or data pipelines.

Adopt multi-cloud

Turn Google Cloud into your control plane for secrets management and maintain access from other public and private clouds. Plus, share secrets across clouds and quickly revoke access if needed.

Build with built-in best practices

Our teams of security experts codify security best practices and recommendations, so you can spend less time deciding on cipher suites and more time building your applications and services.

Secrets management on Google Cloud

Cloud KMS

Use Google-hosted and managed keys to encrypt, decrypt, and sign data.

Cloud HSM

Protect your cryptographic keys in a fully managed cloud-hosted hardware security module service.

HashiCorp Vault

Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing.


See documentation, security solutions, and blogs related to secrets management on Google Cloud.

Secret management with Cloud KMS

Using encrypted resources

Understand, create, and use a secret

Getting started with Cloud KMS

Using Vault for secret management

How to dynamically generate GCP IAM credentials with a new HashiCorp Vault secrets engine

Trust and security

Google Cloud

Get started

Learn and build

New to GCP? Get started with any GCP product for free with a $300 credit.

Need more help?

Our experts will help you build the right solution or find the right partner for your needs.