Google Cloud Secret Manager
Google Cloud Secret Manager is a fully managed service for storing, managing, and accessing sensitive data like API keys, passwords, certificates, and other secrets. It provides automatic encryption at rest and in transit, integrates seamlessly with Google Cloud services, supports secret versioning, and offers fine-grained IAM controls. The service includes audit logging through Cloud Audit Logs, regional and global secret storage options, and programmatic access through client libraries. Unlike AWS Secrets Manager, it doesn't include built-in automatic rotation but focuses on secure storage and access control.
You can read more about GCP secret manager here.
Usage
To enable GCP secret manager you need to add the id, key, and region to the YAML under the gcp_secret_manager key.
Fields
id
This is the id of the GCP secret key
name: first-rrelayer
description: "my first rrelayer"
api_config:
  port: 3000
  authentication_username: ${RRELAYER_AUTH_USERNAME}
  authentication_password: ${RRELAYER_AUTH_PASSWORD}
signing_provider:
  gcp_secret_manager:
    id: "testing-josh-relayer"
key
In a GCP secret you store an object, and it is returned as JSON. The key is the property you have set for mnemonic on
name: first-rrelayer
description: "my first rrelayer"
api_config:
  port: 3000
  authentication_username: ${RRELAYER_AUTH_USERNAME}
  authentication_password: ${RRELAYER_AUTH_PASSWORD}
signing_provider:
  gcp_secret_manager:
    id: "testing-josh-relayer"
    key: "seed"
service_account_key_path
This points to your service account JSON file, which is used to authenticate to GCP.
name: first-rrelayer
description: "my first rrelayer"
api_config:
  port: 3000
  authentication_username: ${RRELAYER_AUTH_USERNAME}
  authentication_password: ${RRELAYER_AUTH_PASSWORD}
signing_provider:
  gcp_secret_manager:
    id: "testing-josh-relayer"
    key: "seed"
    service_account_key_path: "./gcp-service-account.json"
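
A pre-flight check for the key and service_account_key_path fields described above, as an added example that is not part of rrelayer or its documentation. The function names are hypothetical, and the code assumes the mnemonic is a BIP-39 phrase and that the service account file is a standard GCP JSON key.

```python
import json
import os
import stat

# Assumption: the mnemonic is BIP-39, so it has 12, 15, 18, 21 or 24 words.
VALID_WORD_COUNTS = {12, 15, 18, 21, 24}


def check_secret_payload(payload, key):
    """Return problems with the JSON stored in the secret; [] means it is usable."""
    try:
        obj = json.loads(payload)
    except json.JSONDecodeError as exc:
        return [f"secret payload is not valid JSON: {exc.msg}"]
    if not isinstance(obj, dict):
        return ["secret payload must be a JSON object"]
    if key not in obj:
        # Report property names only, never values, so the seed stays out of logs.
        return [f"property {key!r} not found; present: {sorted(obj)}"]
    if not isinstance(obj[key], str):
        return [f"property {key!r} must be a string"]
    if len(obj[key].split()) not in VALID_WORD_COUNTS:
        return [f"property {key!r} does not have a valid mnemonic word count"]
    return []


def check_service_account_file(path):
    """Return problems with the file named by service_account_key_path."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path} has mode {mode:o}; restrict it to the owner (600)")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except json.JSONDecodeError:
        return problems + [f"{path} is not valid JSON"]
    if not isinstance(data, dict) or data.get("type") != "service_account":
        problems.append(f"{path} is not a service account key file")
    return problems


if __name__ == "__main__":
    # Constructed payload: the mnemonic sits under "mnemonic" but the YAML says key: "seed".
    sample = json.dumps({"mnemonic": "w " * 12})
    print(check_secret_payload(sample, "seed"))
```

Run it against the payload you are about to store and the key file on the relayer host; it never prints the secret value itself.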