What is Secret Manager in GCP?
Answer
Secret Manager is GCP's secure, managed service for storing API keys, passwords, certificates, and other sensitive data. It is the GCP equivalent of AWS Secrets Manager or Azure Key Vault.

Key features:

- Versioning: store multiple versions of a secret, so you can roll back or rotate without changing application code (reference the latest version or a specific one).
- Automatic rotation: integrate with Cloud Scheduler to trigger secret rotation functions.
- Audit logging: every access to every version is logged in Cloud Audit Logs.
- IAM-based access control: grant the secretmanager.secretAccessor role to specific service accounts.
- CMEK: optionally encrypt secrets with customer-managed encryption keys.

Access secrets in code using the Secret Manager client library or the REST API. Applications should retrieve secrets at startup rather than hard-coding them.