Does anyone know in which cases to choose Kubernetes secrets instead of Google Secret Manager, and the reverse? What are the differences between the two?
GKE Secrets OR Google Secret manager
3.9k Views Asked by DE_WMA At
With a Kubernetes secret (K8S Secret), you use a built-in feature of K8S. You load your secrets in config maps, and you mount them on the pods that require them.
PRO
If one day you want to deploy on AWS, Azure or on prem, still on K8S, the behavior will be the same, with no update to perform in your code.
CONS
The secrets are only accessible by the K8S cluster; it is impossible to reuse them with other GCP services.
Note: With GKE, no problem: the ETCD component is automatically encrypted with a key from the KMS service to keep the secrets encrypted at rest. But it's not always the same for every K8S installation, especially on premise, where the secrets are kept in plain text. Be aware of this part of the security.
Secret Manager is a vault managed by Google. You have an API to read and write secrets, and the IAM service checks the authorization.
PRO
It's a Google Cloud service and you can access it from any GCP service (Compute Engine, Cloud Run, App Engine, Cloud Functions, GKE, ...) as long as you are authorized.
CONS
It's a Google Cloud-specific product; you are locked in.
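
The note above about encryption at rest can be checked on a self-managed cluster by reading the kube-apiserver EncryptionConfiguration file. The following is an added example, not part of the original answer; the sample configuration, the key placeholder, the KMS plugin name and the function name `secrets_at_rest_status` are constructed for illustration.

```python
import json

# Constructed sample of a kube-apiserver EncryptionConfiguration, written as
# JSON (which is also valid YAML). The key material is a placeholder.
SAMPLE_CONFIG = """
{
  "apiVersion": "apiserver.config.k8s.io/v1",
  "kind": "EncryptionConfiguration",
  "resources": [
    {"resources": ["configmaps"],
     "providers": [{"kms": {"name": "example-kms",
                            "endpoint": "unix:///tmp/kms.sock"}},
                   {"identity": {}}]},
    {"resources": ["secrets"],
     "providers": [{"identity": {}},
                   {"aescbc": {"keys": [{"name": "key1",
                                         "secret": "<BASE64-KEY-PLACEHOLDER>"}]}}]}
  ]
}
"""

# Resource names that cover Secrets: the explicit name, the core-group
# wildcard and the all-resources wildcard.
SECRET_MATCHERS = {"secrets", "*.", "*.*"}


def secrets_at_rest_status(config_text):
    """Return (status, detail) describing how new Secrets are stored in etcd."""
    cfg = json.loads(config_text)
    if cfg.get("kind") != "EncryptionConfiguration":
        return ("invalid", "not an EncryptionConfiguration document")
    for rule in cfg.get("resources", []):
        if not SECRET_MATCHERS & set(rule.get("resources", [])):
            continue
        providers = rule.get("providers", [])
        if not providers:
            return ("plaintext", "no providers listed for secrets")
        # Only the first provider is used for writes; the others are tried
        # when reading data that was stored earlier.
        write_provider = next(iter(providers[0]))
        if write_provider == "identity":
            return ("plaintext", "identity is first: new Secrets are not encrypted")
        return ("encrypted", "new Secrets are written with " + write_provider)
    # Without a matching rule the API server stores Secrets unencrypted.
    return ("plaintext", "no rule covers the secrets resource")
```

In the sample, `identity` is listed first for `secrets`, so the check reports plaintext even though an `aescbc` key is configured; swapping the two providers changes the result to encrypted.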