What’s the key to a more secure Cloud Function? It’s a secret!

Building A Successful Career at SentinelOne | A Q&A With CTO Ric Smith
August 24, 2021
Palo Alto Networks Positioned as a Leader in Inaugural Zero Trust Network Access Report by Leading Independent Research Firm
August 24, 2021
Building A Successful Career at SentinelOne | A Q&A With CTO Ric Smith
August 24, 2021
Palo Alto Networks Positioned as a Leader in Inaugural Zero Trust Network Access Report by Leading Independent Research Firm
August 24, 2021
Show all
0

Google Cloud Functions provides a simple and intuitive developer experience to execute code from Google Cloud, Firebase, Google Assistant, or any web, mobile, or backend application. Oftentimes that code needs secrets–like API keys, passwords, or certificates–to authenticate to or invoke upstream APIs and services.

While Google Secret Manager is a fully-managed, secure, and convenient storage system for such secrets, developers have historically leveraged environment variables or the filesystem for managing secrets in Cloud Functions. This was largely because integrating with Secret Manager required developers to write custom code… until now. We listened to customer feedback and today we are announcing Cloud Functions has a native integration with Secret Manager!

This native integration has many key benefits including:

  • Zero required code changes. Cloud functions that already consume secrets via environment variables or files bundled with the source upload simply require an additional flag during deployment. The Cloud Functions service resolves and injects the secrets at runtime and the plaintext values are only visible inside the process.

  • Easy environment separation. It’s easy to use the same codebase across multiple environments, e.g., dev, staging, and prod, because the secrets are decoupled from the code and are resolved at runtime.

  • Supports the 12-factor app pattern. Because secrets can be injected into environment variables at runtime, the native integration supports the 12-factor pattern while providing stronger security guarantees.

  • Centralized secret storage, access, and auditing. Leveraging Secret Manager as the centralized secrets management solution enables easy management of access controls, auditing, and access logs.

Cloud Functions’ native integration with Secret Manager is available in preview to all Google Cloud customers today. Let’s take a deeper dive into this new integration.

Example

Suppose the following cloud function invoked via HTTP uses a secret token to invoke an upstream API:

Related posts

December 16, 2024

AI Playground: Where learning and innovation converge in the heart of London

Read more
December 13, 2024

What’s new with Google Cloud

Read more
November 29, 2024

What’s new with Google Cloud

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *