Secret Manager provides users with a centralized place to manage their important data and serves as a single source of truth.
In a blog post announcing the tool, Google developer advocate Seth Vargo and product manager Matt Driscoll provided useful insights into the scope of the tool and its usage:
“Many applications require credentials to connect to a database, API keys to invoke a service, or certificates for authentication. Managing and securing access to these secrets is often complicated by secret sprawl, poor visibility, or lack of integrations.”
Google, which already has an open-source secret-data manager called Berglas that runs from the command line, explained that the new tool and the old one will work together: users can transfer data between Berglas and Secret Manager and, if they so desire, move completely from the open-source tool to the new one.
Google’s Key Management Service (KMS) provides users with a fully managed system to handle their keys. The problem with KMS is that it does not actually store the data; it only encrypts the secrets you store elsewhere. By contrast, Secret Manager stores your data directly in the cloud, giving you a way to manage it right where you stored it, the way you stored it, without any decryption needed.
The secrets stored in the tool are also project-based global resources, which sets it apart from competing tools that often manage secrets on a regional basis.
Google Cloud customers can access the tool as of today, as it is available to all in beta.