Manage your Cloud Run secrets securely with Secret Manager

17 051
13.05.21 – 9 9738:49
Service accounts & security
104 days – 8 4811:40
Cloud Functions in a minute
Published on 13 May 2021, 15:00
Code shown in this episode →
Secret Manager docs →

Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data that provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud. In this episode of Serverless Expeditions Extended, Martin demos how you can update an existing Cloud Run service to use Secret Manager without changing any code and while applying the Principle of Least Privilege. Watch to learn how you can use Secret Manager with your Cloud Run service!

0:00​ - Intro
1:31 - Secret Manager
1:45 - Updating a Cloud Run service to use Secret Manager
2:48 - Putting the database password in Secret Manager
3:25 - Referencing Secret Manager from Cloud Run
3:45 - What did we achieve?
4:47 - Two other ways of accessing Secret Manager
5:42 - Wrap-up

Clarification on the video: if you mount a secret as an environment variable (and point it to the “latest” version of that secret), the latest value of the secret is loaded whenever a Cloud Run instance of your service is started. This happens all the time. So even if you don’t re-deploy your Cloud Run service yourself, the new value of the secret will eventually make it into your Cloud Run service.

Checkout more episodes of Serverless Expeditions →
Subscribe to Google Cloud Tech →

#ServerlessExpeditions​ #ServerlessExpeditionsExtended #CloudRun

Product: Cloud Run, Secret Manager; fullname: Martin Omander;
Fresh videos
5 days – 5470:21
IntroSYW7 1
5 days – 4681:02
6 days – 934 1803:04:11
The 500 FPS Gaming PC!