Manage your Cloud Run secrets securely with Secret Manager

Опубликовано 13 мая 2021, 15:00

Code shown in this episode → goo.gle/3boFqFb
Secret Manager docs → goo.gle/3eFNtzm

Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data that provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud. In this episode of Serverless Expeditions Extended, Martin demos how you can update an existing Cloud Run service to use Secret Manager without changing any code and while applying the Principle of Least Privilege. Watch to learn how you can use Secret Manager with your Cloud Run service!

Timestamps:
0:00​ - Intro
1:31 - Secret Manager
1:45 - Updating a Cloud Run service to use Secret Manager
2:48 - Putting the database password in Secret Manager
3:25 - Referencing Secret Manager from Cloud Run
3:45 - What did we achieve?
4:47 - Two other ways of accessing Secret Manager
5:42 - Wrap-up

Clarification on the video: if you mount a secret as an environment variable (and point it to the “latest” version of that secret), the latest value of the secret is loaded whenever a Cloud Run instance of your service is started. This happens all the time. So even if you don’t re-deploy your Cloud Run service yourself, the new value of the secret will eventually make it into your Cloud Run service.

Checkout more episodes of Serverless Expeditions → goo.gle/ServerlessExpeditions
Subscribe to Google Cloud Tech → goo.gle/GoogleCloudTech

#ServerlessExpeditions​ #ServerlessExpeditionsExtended #CloudRun

Product: Cloud Run, Secret Manager; fullname: Martin Omander;