Does anyone know in which case to choose Kubernetes secrets instead of Google Secret Manager, and the reverse? Differences between the two?
GKE Secrets OR Google Secret manager
3.9k Views Asked by DE_WMA At
With Kubernetes secrets (K8S Secrets), you use a built-in feature of K8S. You load your secrets in config maps, and you mount them on the pods that require them.
PRO
If one day you want to deploy on AWS, Azure or on prem, still on K8S, the behavior will be the same, with no update to perform in your code.
CONS
The secrets are only accessible by the K8S cluster; it is impossible to reuse them with other GCP services.
Note: With GKE, no problem: the ETCD component is automatically encrypted with a key from the KMS service to keep the secrets encrypted at rest. But it's not always the same for every K8S installation, especially on premise, where the secrets are kept in plain text. Be aware of this part of the security.
Secret Manager is a vault managed by Google. You have an API to read and write secrets, and the IAM service checks the authorization.
PRO
It's a Google Cloud service and you can access it from any GCP service (Compute Engine, Cloud Run, App Engine, Cloud Functions, GKE, ...) as long as you are authorized.
CONS
It's a Google Cloud specific product; you are locked in.
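The at-rest caveat in the answer above can be checked on a self-managed cluster by inspecting the API server's `EncryptionConfiguration`. This is an added example, not part of the original answer; the two sample configs, the placeholder key and the function names are constructed for illustration.

```python
import json

# Constructed sample configs (not from the original answer). The API server loads
# this file via --encryption-provider-config; JSON is used here so that only the
# standard library is needed. Key material is a placeholder.
PLAINTEXT_FIRST = json.loads("""{
  "apiVersion": "apiserver.config.k8s.io/v1", "kind": "EncryptionConfiguration",
  "resources": [{"resources": ["secrets"], "providers": [
    {"identity": {}},
    {"aescbc": {"keys": [{"name": "key1", "secret": "<BASE64_KEY_PLACEHOLDER>"}]}}
  ]}]
}""")

KMS_FIRST = json.loads("""{
  "apiVersion": "apiserver.config.k8s.io/v1", "kind": "EncryptionConfiguration",
  "resources": [{"resources": ["secrets"], "providers": [
    {"kms": {"name": "example-kms-plugin", "endpoint": "unix:///tmp/kms.sock"}},
    {"identity": {}}
  ]}]
}""")


def secrets_write_provider(config):
    """Return the provider that encrypts Secrets on write, or None if no rule covers them."""
    for rule in (config or {}).get("resources", []):
        providers = rule.get("providers", [])
        if "secrets" in rule.get("resources", []) and providers:
            # Only the first provider is used for writes; later ones only decrypt.
            return next(iter(providers[0]))
    return None


def audit(config):
    """Classify at-rest protection for Secrets (config=None means the flag is not set)."""
    provider = secrets_write_provider(config)
    if provider is None:
        return "FAIL: no encryption rule covers secrets; etcd stores them in plain text"
    if provider == "identity":
        return "FAIL: 'identity' is listed first; new secrets are written in plain text"
    return f"OK: secrets are written to etcd with the '{provider}' provider"


if __name__ == "__main__":
    for name, cfg in [("no config", None), ("identity first", PLAINTEXT_FIRST), ("kms first", KMS_FIRST)]:
        print(f"{name}: {audit(cfg)}")
```

The check only looks at rules that name `secrets` explicitly, and it reports what happens to newly written Secrets, not to objects stored before the configuration changed.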