Type "**Secret Manager**" in the search bar and click on the **Secret Manager** option

**What is Secret Manager?**\
\
**Secret Manager** is a Google Cloud service that securely stores, manages, and accesses sensitive information, such as API keys, passwords, and certificates. It provides a centralized and secure way to handle secrets by offering features like encryption, access controls, versioning, and auditing. Secret Manager helps ensure that sensitive data is protected and can be accessed only by authorized users and services.

**Secret Manager API** wizard will open, click on the **ENABLE** button

**What is Secret Manager API?**\
\
The **Secret Manager API** is a Google Cloud API that allows you to programmatically manage secrets stored in Secret Manager. It provides endpoints for creating, accessing, updating, and deleting secrets. Using the Secret Manager API, you can integrate secret management into your applications and services, automate secret operations, and securely retrieve sensitive information. The API supports features such as encryption, versioning, and access controls to ensure the secure handling of secrets.

**Secret Manager** wizard will open, click on the **CREATE SECRET** button

**Create secret** wizard will open, give the Name as - "**my-secret**"

Scroll to the **Secret value** section, here you can browser and upload the secret value file

Scroll to the **Secret value** text input field, here you can add your secret value

Scroll to the **Replication policy** section

**What is Replication policy?**\
\
A **replication policy** in Google Cloud Storage determines how data is duplicated and distributed across different locations to ensure its durability and availability. It specifies the number of copies and their geographical distribution, with options like Multi-Regional for high availability across regions, Regional for within-region replication, Nearline for infrequent access, and Coldline for long-term, rarely accessed storage.

Scroll to the **Encryption** section and select the option **Google-managed encryption key**

**Note:** You can select the option as per your requirement.

**What is Google-managed encrypion key?**\
\
A **Google-managed encryption key** is an encryption key that is automatically created, managed, and rotated by Google Cloud. This key is used to encrypt and decrypt data stored in Google Cloud services without requiring user intervention. Google handles the key's lifecycle, including its security and availability, ensuring that your data is protected with minimal management overhead on your part.

**What is Rotation?**\
\
**Rotation** in the context of encryption keys refers to the process of periodically updating or replacing encryption keys to enhance security. This practice helps protect data by reducing the risk associated with key compromise and ensuring that outdated or vulnerable keys are not used. Key rotation involves creating new keys, migrating encrypted data to use the new keys, and securely retiring the old keys. It is an essential part of maintaining robust security and compliance in data protection strategies.

Scroll to the **Notifications** section, here you can add a topic for the Notification

**What are Notifications?**\
\
**Notifications** are alerts or messages sent to inform users or systems about specific events or changes. In cloud environments, notifications can be used to signal updates, failures, or status changes related to resources and services. They can be configured to send alerts via email, SMS, or other communication channels, helping users stay informed and take appropriate actions based on the notifications they receive.

Scroll to the **Expiration** section, here you can set an expiration date

**What is Expiration ?**\
\
In the context of **Google Cloud Secret Manager**, **expiration** refers to the end date and time after which a secret version becomes invalid or is no longer accessible. This feature helps manage the lifecycle of sensitive information by ensuring that secrets are periodically updated and old versions are retired. Expiration can be used to enhance security by forcing the use of newer secrets and reducing the risk of outdated or compromised secrets.

Scroll to the **Delay secret version destroy** section, here you can set duration for delayed destruction

Google Cloud

This guide is essential for anyone looking to securely manage sensitive information using Google Cloud Secret Manager.

Managing Secrets with Google Cloud Secret Manager