Google Cloud Platform

Secrets Manager: Where I Finally Stopped Hardcoding API Keys

📅 👁 2,002 views ⏱ 1 min read ✏️ 136 words
A key being placed into a secure vault with cloud interface
Securing Secrets with Secrets Manager
We've all done it. Hardcoded API keys in config files. Committed them to Git. Then scrambled to revoke them when you realize the repo is public. I was guilty of this for years. Then I discovered Secrets Manager on GCP. Now, every API key, every database password, every certificate lives in Secrets Manager. My code fetches them at runtime. No more secrets in environment variables. No more .env files floating around. And Secrets Manager has versioning, so I can roll back if I push a bad key. It also integrates with Cloud Run, GKE, and Cloud Functions natively. My security posture improved overnight. If you're still storing secrets in plain text, stop. Use Secrets Manager. It's one of those services that feels like it should be built into every cloud, and GCP does it really well.

Tags

Secrets Manager API keys security credentials GCP
2,002
Views
136
Words
1 min read
Read Time
Oct 2025
Published

You May Also Like

A code repository interface with cloud icons integrated

Why I Use Cloud Source Repositories Instead of GitHub

👁 2,843 · 1 min read
A person writing lessons learned in a notebook with a laptop open

What I Wish I Knew Before Using GCP (Lessons from 3 Years)

👁 2,799 · 1 min read
A person writing lessons learned in a notebook with a laptop open

What I Wish I Knew Before Using GCP (Lessons from 3 Years)

👁 2,599 · 1 min read
A code repository interface with cloud icons integrated

Why I Use Cloud Source Repositories Instead of GitHub

👁 2,591 · 1 min read
← All Articles 📂 Google Cloud Platform