How To Create and Access Secrets Using Gcloud CLI?

Reading Time: 3 minutes

Hello Folks. I hope you all are doing so well. In this blog we will learn about How To Create and Access Secrets Using Gcloud CLI? So stay tuned.

Perquisites :

Download the Gcloud CLI on your system and configure it properly.

What Is Secret Manager In GCP?

Secret Manager allows you to store manage and access your secrets like database passwords, API keys, TLS certificates etc.

The application that is running in google cloud can retrieve this secrets from the secret manager as we needed. But why? The reason is we should not write or store any credentials or its equally entities in a paper or a text file or somewhere else. Which may lead to leakage or a cyber security attacks.

As a best practice we should only use secret manager to store all your application credentials and it’s associated entities like API keys, TLS certificates and so on.

Features Of Secret Manager :

Versioning :

It’s secrets can be versioned. And we can access any version of the secret.

Replication Policies :

We can replicate the value of secret across multiple regions for it’s availability or you can google to replicate the same automatically. Replication is so important when it’s come to high availabiltiy.

Cloud IAM Integration :

It has access control using IAM. By default the project owners can access secrets.

Audit Logging :

It is very important to catch the logs of secret manager or cloud audit logs for logging every interaction. It is use to anomaly detection and alerting. We can use cloud audit logs for this.

Encryption :

The data and the values are store in secrets manager is encrypted with default. AES-256 encryption is the algorithm used by default.

Now let’s see the demo part :

The first thing we need to do is enable the Google Secret Manager service:

gcloud services enable

So; now here the two ways of creating the secrets :

First one is by the help of echo command :

I am creating a secret is very simple. Here i am creating a secret called “First-password” that contains the value “Demo”:

echo -n "Demo" | gcloud secrets create First-password --data-file=-

Now I can also create a secret where the value is the contents of a file :

gcloud secrets create Second-password-2 --data-file=/home/knoldus/Desktop/password.txt

Here i am create the password.txt file and store the secret in this or give my file path over here.

Now; to check what secrets are present inside the secret manager , we can simply run this command :

gcloud secrets list

As you can see the first password that was created by me and simply you will get to see other passwords as well :

Accessing a Secret :

So; now we access this particular passwords. so command is :

gcloud secrets versions access latest --secret=First-password

here i access my First-password so output is :

Now I can access my another secret i.e Second-password-2 :

gcloud secrets versions access latest --secret=Second-password-2

So this is another output here.

Conclusion :

So in this blog we learn about how to create the secrets, access the secrets using via Gcloud CLI. I hope this blog will help you.

Happy Learning.

Written by 

Mayuri Dhote is a Software Consultant at Knoldus Software. She has completed her MCA from VIT University. She has very dedicated towards her work. She has always ready to learn new things. Her practice area is Devops. When not working, you will find her writing poems and poetry.