This lab walks you through Secret Manager.
In this lab, we will create secrets and keep database credentials as secrets.
We will then access those secret versions using a Cloud Function and validate whether the database is fetching valid results.
Duration: 60 minutes
If your application hosted in GCP needs to talk to a database or any other service, it needs passwords and keys. These must be kept secret to avoid threats. That is why GCP provides Secret Manager.
Secret Manager stores sensitive data such as passwords, API keys, and certificates. Data stored in Secret Manager is encrypted by default with AES-256 encryption.
Secret Manager supports multiple versions of a secret, so each version can hold a separate password. You can also audit the usage of secrets using Cloud Audit Logs, and you can automate secrets using Cloud Functions.
While creating a secret in Secret Manager, you can upload a certificate or directly enter the secret value to store.
The secret can be stored in multiple locations according to your convenience. A Google-managed encryption key is used by default. You can also use a Customer-Managed Encryption Key. Once you create a secret, you can access it from your application by calling the API directly with the secret ID.
Cloud KMS (Key Management Service) is a service used to create and manage cryptographic keys. It performs encryption and decryption, whereas Secret Manager stores the credentials in a vault (secret) instead of encrypting and decrypting them.
Log in to the GCP Console.
Creating a Cloud SQL Instance.
Create a Cloud SQL Database.
Creating a Secret.
Creating a Cloud Function, deploying it, and testing it.
Using Cloud Shell, connect to the DB instance to check whether the mentioned DB is fetching records successfully.
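How a Cloud Function could read the database credentials by secret ID and version, as an added example that is not part of the original lab. It uses the `access_secret_version` call of the `google-cloud-secret-manager` client; the secret IDs `db-user` and `db-password`, the project ID, and the `FakeClient` stand-in are assumptions constructed for illustration.

```python
from types import SimpleNamespace

_cache = {}  # resource name -> payload; only numbered versions are cached


def version_path(project_id, secret_id, version="latest"):
    """Build the resource name of one secret version."""
    parts = (project_id, secret_id, str(version))
    if any(not p or "/" in p for p in parts):
        raise ValueError("empty or malformed resource name component")
    return "projects/{}/secrets/{}/versions/{}".format(*parts)


def default_client():
    # Imported lazily so the helpers also run offline against a stand-in client.
    from google.cloud import secretmanager
    return secretmanager.SecretManagerServiceClient()


def fetch_secret(client, project_id, secret_id, version="latest"):
    """Return the payload of a secret version as text. Never log the result."""
    name = version_path(project_id, secret_id, version)
    if name in _cache:
        return _cache[name]
    response = client.access_secret_version(request={"name": name})
    value = response.payload.data.decode("utf-8")
    if str(version) != "latest":
        # A numbered version is immutable, so a warm instance can reuse it.
        # "latest" is looked up on every call so a newly added version is seen.
        _cache[name] = value
    return value


def load_db_credentials(client, project_id, version="latest"):
    """Fetch DB user and password; the secret IDs are assumed names."""
    return {key: fetch_secret(client, project_id, "db-" + key, version)
            for key in ("user", "password")}


class FakeClient:
    """Constructed stand-in for SecretManagerServiceClient (offline demo)."""
    def __init__(self, store):
        self.store, self.calls = store, 0

    def access_secret_version(self, request):
        self.calls += 1
        data = self.store[request["name"]].encode("utf-8")
        return SimpleNamespace(payload=SimpleNamespace(data=data))
```

In the deployed function, pass `default_client()` instead of `FakeClient`; the function's service account needs permission to access the secret versions it reads.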