
Secret Manager for credentials in GCP - Mini Project: Build & Apply

Secret Manager for credentials
📖 Scenario: You are building a secure cloud application on Google Cloud Platform (GCP). You need to store sensitive credentials safely so that only authorized services can access them. Using GCP Secret Manager helps keep your credentials safe and separate from your code.
🎯 Goal: Create a secret in GCP Secret Manager with a specific name and secret data. Then configure access permissions to allow a service account to read the secret.
📋 What You'll Learn
Create a secret named my-db-password in Secret Manager
Add the secret data SuperSecret123! as the first version
Create a variable for the service account email my-service-account@my-project.iam.gserviceaccount.com
Grant the service account the roles/secretmanager.secretAccessor role on the secret
💡 Why This Matters
🌍 Real World
Storing database passwords, API keys, and other sensitive credentials securely in cloud applications.
💼 Career
Essential skill for cloud engineers and developers to manage secrets safely and follow security best practices.
1. Create the secret resource
Create a variable called secret_name and set it to the string "projects/my-project/secrets/my-db-password".

The secret resource name includes the project ID and the secret ID.

2. Set the service account email
Create a variable called service_account_email and set it to the string "my-service-account@my-project.iam.gserviceaccount.com".

The service account email is used to grant access permissions.

3. Add the secret data version
Create a variable called secret_data and set it to the string "SuperSecret123!".

This is the sensitive password you want to store securely.

4. Grant access permission to the service account
Create a variable called access_role and set it to the string "roles/secretmanager.secretAccessor" to grant read access to the secret.

This role allows the service account to read the secret value.
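
The following is an added example, not part of the original exercise: it shows how the four variables map onto Secret Manager v1 REST requests (create, `:addVersion`) and onto the secret's own IAM policy, which is read with `:getIamPolicy`, merged locally, and written back with `:setIamPolicy`. The function names are hypothetical, automatic replication is an assumption, and nothing is sent over the network.

```python
import base64
import re

# Values from the four tutorial steps (secret_data is the tutorial's sample value).
secret_name = "projects/my-project/secrets/my-db-password"
service_account_email = "my-service-account@my-project.iam.gserviceaccount.com"
secret_data = "SuperSecret123!"
access_role = "roles/secretmanager.secretAccessor"

# Hypothetical helper names below; only the request shapes follow the v1 REST API.
SECRET_RE = re.compile(r"projects/([^/]+)/secrets/([A-Za-z0-9_-]{1,255})")

def parse_secret_name(name):
    """Split a secret resource name into (project_id, secret_id)."""
    m = SECRET_RE.fullmatch(name)
    if not m:
        raise ValueError(f"not a secret resource name: {name!r}")
    return m.group(1), m.group(2)

def create_secret_request(name):
    """Step 1: REST request that creates the (still empty) secret."""
    project, secret_id = parse_secret_name(name)
    return {"path": f"/v1/projects/{project}/secrets?secretId={secret_id}",
            "body": {"replication": {"automatic": {}}}}

def add_version_request(name, data):
    """Step 3: REST request that stores the value as a new version."""
    parse_secret_name(name)  # reject malformed names before building the path
    encoded = base64.b64encode(data.encode("utf-8")).decode("ascii")
    return {"path": f"/v1/{name}:addVersion", "body": {"payload": {"data": encoded}}}

def grant_accessor(policy, email, role):
    """Steps 2 and 4: copy of the secret's IAM policy with the account bound to role."""
    if role != "roles/secretmanager.secretAccessor":
        raise ValueError(f"refusing role other than read access: {role}")
    member = f"serviceAccount:{email}"
    bindings = [dict(b, members=list(b["members"])) for b in policy.get("bindings", [])]
    for b in bindings:
        if b["role"] == role and "condition" not in b:
            if member not in b["members"]:
                b["members"].append(member)  # idempotent: no duplicate members
            break
    else:
        bindings.append({"role": role, "members": [member]})
    return {**policy, "bindings": bindings}
```

Because the binding is placed on the secret's own policy rather than on the project, the service account can read `my-db-password` and no other secret in `my-project`.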