Console
    Contact Us Start free

    Configure Secret Manager in Application Design Center

    Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. For more information, see Secret Manager overview .

    This document describes the connections and parameters you can configure when using App Design Center to create a Secret Manager secret. The configuration parameters are based on the terraform-google-secret-manager Terraform module.

    Component connections

    The following table includes the components that you can connect to Secret Manager, and the resulting updates to your application and its generated Terraform code.

    Connected component

    Application updates

    Background information

    Service account
    • The service account can access the secret data.
    • The roles/secretmanager.secretAccessor role is assigned to the Compute Engine instance template service account.
    Manage access to secrets
    Cloud Run
    • The Cloud Run instance can reference the secret data.
    • The Secret Manager Secret Datafield is referenced by the Cloud Run env_secret_vars field.
    • The roles/secretmanager.secretAccessor role is added to the Cloud Run service account.
    Configure secrets for services
    Cloud SQL (MySQL)
    • Secret Manager stores user information.
    • The Secret Manager Secret Datafield contains the password for the default user.
    Use Secret Manager to handle secrets in Cloud SQL
    Cloud SQL (PostgreSQL)
    • Secret Manager stores user information.
    • The Secret Manager Secret Datafield contains the password for the default user.
    Use Secret Manager to handle secrets in Cloud SQL

    Required configuration parameters

    If your template includes a Secret Manager component, you must configure the following parameters before you deploy.

    Parameter name

    Description and constraints

    Background information

    Project ID

    The project where you want to deploy the Secret Manager resource.

    		 Configure components

    Name

    The name of the secret to create.

    		 Create a secret

    Secret Data

    The secret data. Must be no larger than 64 KiB. This property is sensitive and is not displayed in the plan.

    		 Create a secret

    Optional configuration parameters

    The following parameters are optional. To display advanced parameters, in the Configurationarea, select Show optional fields.

    Feature

    Parameter name

    Description and constraint information

    Background information

    Rotation

    Rotation period
    rotationPeriod
    About rotation schedules
    Next rotation time
    nextRotationTime
    Create and manage rotation schedules

    User managed replication

    Region
    location
    User managed replication
    KMS key name
    kmsKeyName
    User managed replication

    Automatic replication

    KMS key name
    kmsKeyName
    Automatic replication

    Topics

    topics
    Set up notifications on a secret

    Labels

    Key
    labels
    Add labels to secrets
    Value
    labels
    Add labels to secrets
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: