GCP prices access operations to secrets at $0.03 per 10,000 (see here).
When using secrets with Google Cloud Functions, are they accessed each time a function is run? Or only when the Cloud Function is deployed?
If the former is true, then this poses a much greater cost than the costs for running the Cloud Function itsself.
On
According to this documentation, you can access secrets as files attached as volumes or as env vars populated during deployment. Seems to me that the former is the costlier option since every file read is a request to the secrets manager.
The secret are accessed when a Cloud Functions instance is created. One instance is created at the first call (start from 0), or when the traffic increase and more instances must be added in the cluster. After a while of unused, the instance are offloaded (usually after 10 minutes).
When the instances are started, they are able to serve traffic (see function runtime). As long as they are used, there is no new secret access