Secret Manager

GCPSecurityFree tier available

Fully managed secret storage with automatic replication across regions, VPC Service Controls integration, CMEK encryption, version history, per-secret IAM, and rotation via Cloud Scheduler plus Cloud Run hooks — used by GKE, Cloud Run, and Compute Engine workloads

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore GCP in TreemapExplore security in Honeycomb
DocumentationPricing

Attributes

SLA Uptime
99.9%
Encryption
Yes

Sub-services (3)

Secrets

Versioned encrypted payloads accessed by IAM-scoped principals

Regional Secrets

Region-pinned secrets for workloads with data-residency requirements

Rotation

Scheduled rotation via Cloud Scheduler + Cloud Run / Cloud Functions callbacks

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP

Where this runs

44 regions
28 countries
2sovereign
Sovereign regions (2)
  • T-Systems Sovereign Cloud · FrankfurtT-Systems Sovereign Cloud powered by Google Cloud
  • S3NS Sovereign Cloud · ParisS3NS — Google Cloud + Thales joint venture
Commercial regions (42)

Europe (13)

  • Belgium
  • Finland
  • Paris
  • Berlin
  • Frankfurt
  • Milan
  • Turin
  • Netherlands
  • Warsaw
  • Madrid
  • Stockholm
  • Zurich
  • London

North America (12)

  • Montréal
  • Toronto
  • Querétaro
  • Northern Virginia
  • Columbus
  • Iowa
  • Dallas
  • Las Vegas
  • Los Angeles
  • South Carolina
  • Salt Lake City
  • Oregon

South America (2)

  • São Paulo
  • Santiago

Asia (9)

  • Hong Kong
  • Delhi
  • Mumbai
  • Jakarta
  • Osaka
  • Tokyo
  • Singapore
  • Seoul
  • Taiwan

Oceania (2)

  • Melbourne
  • Sydney

Middle East (3)

  • Tel Aviv
  • Doha
  • Dammam

Africa (1)

  • Johannesburg

Tags

secretscredentialsrotationapi-keyssecurity

Equivalent services on other platforms

AWS Secrets ManagerAWS

Fully managed service to store, rotate, and audit secrets such as database credentials, API keys, and OAuth tokens with native rotation Lambda integrations for RDS, Redshift, and DocumentDB

Azure Key VaultAzure

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

OCI VaultOracle

Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources

Pricing

Pricing model:pay-as-you-go