Google Cloud Secret Manager is a service by Google Cloud Platform (GCP) designed to securely store and manage sensitive data, such as API keys, passwords, and certificates. It acts as a centralized repository, providing tools for storing, accessing, and controlling confidential information in the cloud. Secret Manager is designed to help businesses and developers protect their critical digital assets by offering a secure and convenient storage system.
Key features include centralized management, encryption at rest and in transit, versioning of secrets, fine-grained access control through integration with Google Cloud's IAM, and audit logging. Secret Manager enables simple lifecycle management, with versioning and the ability to pin requests to the latest version of a secret. It supports automatic or user-defined regional replication for disaster recovery and high availability. All data is encrypted by default, with the option for Customer-Managed Encryption Keys (CMEK) for more control.
The pricing of Secret Manager is based on the number of active secret versions, access operations, and rotation notifications. As part of the Google Cloud Free Tier, Secret Manager provides some resources for free, including six active secret versions, 10,000 access operations, and three rotation notifications per month. As of February 2026, the cost for active secret versions is $0.06 per version per month, $0.03 for every 10,000 access operations, and $0.05 per rotation notification.
Google Cloud Secret Manager is generally available. To use it, you need a Google Cloud account and must enable the Secret Manager API for your project. The service offers automatic replication, but users can also select specific regions for replication to meet compliance requirements.