My application needs a bunch of secrets to run: database credentials, API credentials, etc. It's running in Google App Engine Standard Java 11. I need these secrets as environment variables or as a...

I am building an http endpoint with Google Cloud Functions. I have an encrypted secret stored as a file that is loaded and decrypted in the function as a way to prevent my secret from being stored ...

This a newbie security/console question...I created a key ring in my project in a specific (wrong) location, Europe. I can't see any way in the console to edit or even delete a key ring. The key ...

I'm trying to create a Cloud Build trigger where secret environment variables are encrypted with cloud KMS and stored as a substitution variable in Cloud Build. This way my cloud build yaml is fair...

I am using a Google Cloud Function (GCF) with a Pubsub trigger which sends a HTTP request to a third party API. The GCF receives notifications from a Pubsub topic used by a service which should no...

I have been trying to find a way to store secrets in GCP. I have explored Google Cloud KMS. It seems to be only for creating encryption keys, that can be used to encrypt say GCP storage elements. O...

How can I access the variables I define in Google Secret Manager from my Google Cloud Build Pipeline ?

If I follow the cloud build document, I have to specify encrypted secret on cloudbuild.yaml. secrets: - kmsKeyName: projects/[PROJECT-ID]/locations/global/keyRings/[KEYRING-NAME]/cryptoKeys/[KEY-N...

I am wondering if you please help me out with the following question. What are the differences between the KMS and the secret manager in GCP? Thank you in advance. https://cloud.google.com/secret...

I am building a Node.js application that receives a long term access token from another application that I need to access. I don't want to store these access tokens directly in the database since a...

I am trying to decrypt a token using the google KMS tool. Running it locally, for some reason, encryption seems to work but not decryption. I am running the following code: import base64 import g...

I have some code to upload and download files from Google Cloud Storage. Below is an abbreviated example: import ( "context" "io" "cloud.google.com/go/storage" ) func upload(bucket, keyName, p...

This GCP article suggests using two separate projects: one for key management, another for encryption/decryption. This seems like a setup that works with User roles, but not with Service roles as...