Secret Manager

SmartSRE provides rotation management and security for Google Secret Manager.

What SmartSRE Scans

| Category | Checks |
|---|---|
| Rotation | Secret age, rotation schedules |
| Versions | Old versions, cleanup opportunities |
| Replication | Replication configuration |

Findings

| Issue Type | Severity | Description |
|---|---|---|
| stale_secret | Medium | Secret not rotated in 90+ days |
| no_rotation_schedule | Low | Automatic rotation not configured |
| too_many_versions | Low | > 10 versions retained |
| single_region_replication | Low | Secret in only one region |
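
The thresholds in the table above can be checked against secret metadata you have already exported. The following is an added example, not SmartSRE's own code: it evaluates constructed metadata shaped like Secret Manager API `Secret` and `SecretVersion` resources. How age, retained versions and single-region are measured are assumptions, marked in the comments.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # page: "not rotated in 90+ days"
MAX_VERSIONS = 10                 # page: "> 10 versions retained"

def _ts(value):
    # Parse an RFC 3339 UTC timestamp with whole seconds, as in the samples below.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def findings(secret, versions, now):
    """Return the issue types from the Findings table that apply to one secret."""
    issues = set()
    # Assumption: destroyed versions no longer count as "retained".
    live = [v for v in versions if v["state"] != "DESTROYED"]
    # Assumption: a rotation is the creation of a new version; a secret with
    # no versions is aged from its own createTime.
    newest = max((_ts(v["createTime"]) for v in live),
                 default=_ts(secret["createTime"]))
    if now - newest >= STALE_AFTER:
        issues.add("stale_secret")
    rotation = secret.get("rotation", {})
    if not (rotation.get("rotationPeriod") or rotation.get("nextRotationTime")):
        issues.add("no_rotation_schedule")
    if len(live) > MAX_VERSIONS:
        issues.add("too_many_versions")
    replication = secret.get("replication", {})
    replicas = replication.get("userManaged", {}).get("replicas", [])
    # Assumption: automatic replication is multi-region, so only a
    # user-managed policy with one replica counts as single-region.
    if "automatic" not in replication and len(replicas) == 1:
        issues.add("single_region_replication")
    return issues

# Constructed sample metadata (not real secrets), shaped like API responses.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
DB_PASSWORD = {
    "createTime": "2023-01-01T00:00:00Z",
    "replication": {"userManaged": {"replicas": [{"location": "us-central1"}]}},
}
DB_VERSIONS = [{"createTime": "2024-01-15T00:00:00Z", "state": "ENABLED"}] + [
    {"createTime": "2023-06-01T00:00:00Z", "state": "DISABLED"} for _ in range(10)
] + [{"createTime": "2023-01-01T00:00:00Z", "state": "DESTROYED"}]
API_KEY = {
    "createTime": "2024-01-01T00:00:00Z",
    "replication": {"automatic": {}},
    "rotation": {"nextRotationTime": "2024-06-19T00:00:00Z", "rotationPeriod": "2592000s"},
}
API_VERSIONS = [{"createTime": "2024-05-20T00:00:00Z", "state": "ENABLED"}]
```

With the sample data, `findings(DB_PASSWORD, DB_VERSIONS, NOW)` returns all four issue types and `findings(API_KEY, API_VERSIONS, NOW)` returns an empty set.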

Available Fixes

| Operation | Description | Impact |
|---|---|---|
| add_version | Create new secret version | Low |
| disable_old_versions | Disable versions > 30 days | Low |
| destroy_old_versions | Destroy disabled versions | Medium |
| set_rotation_schedule | Configure automatic rotation | Low |

Required Permissions

For Scanning

roles/secretmanager.viewer

For Remediation

roles/secretmanager.admin

Best Practices

  1. Set rotation schedules — Automatic secret rotation
  2. Limit version retention — Disable old versions
  3. Use regional replication — Match application regions
  4. Audit secret access — Enable logging