Best practice rules for GCP Secret Manager
- Enable Data Access Audit Logs for Secret Manager
  Ensure that Data Access audit logs are enabled for Secret Manager resources.
- Enable Destruction Delay for Secret Versions
  Ensure that a delayed destruction policy is configured for your Secret Manager secrets.
- Enable Rotation Schedules for Secret Manager Secrets
  Ensure that rotation schedules are configured for your Secret Manager secrets.
- Implement Least Privilege Access for Secret Manager Secrets using Cloud IAM
  Ensure that IAM roles with administrative permissions are not used for Secret Manager resource access control.
- Use Customer-Managed Encryption Keys for Secret Manager Secret Encryption
  Ensure that your Secret Manager secrets are encrypted with Customer-Managed Encryption Keys.