GCP External Secrets Manager

This page covers creating a GCP External Secrets Manager (ESM). To create an External Secrets Manager for a different cloud service, see the matching doc, as the parameters vary.

Working With External Secrets Manager from the CLI

This section covers the commands needed to work with ESMs. The initial creation command is a regular Akeyless command, but ESMs are managed through a set of sub-commands that all carry the esm prefix, as shown later in this section. Without the prefix, these sub-commands will not work.

Creating an ESM

To create an ESM, use the following command:

akeyless create-esm -n <name> -a <target name>

The main parameters are:

  • -n, --name: Name for External Secrets Manager. You may specify the location by adding a path to the virtual folder where you want to create the new External Secrets Manager, using slash / separators. If the folder does not exist, it will be created along with the External Secrets Manager.

  • -a, --target-to-associate: An existing Target that points to your desired endpoint.

Additional parameters can be found in the CLI Reference.

Listing ESM Secrets

To list the secrets saved on your ESM, use the following command:

akeyless esm list -n <esm name>

The output should look as follows:

{
  "secrets_list": [
    {
      "secret_id": "<secret id>",
      "name": "<secret name>",
      "created": "<timestamp>",
      "type": "<type>",
      "status": <activity status, true/false>
    }
  ]
}

Fetching a Secret from the ESM

To view a secret from your ESM, use the following command:

akeyless esm get -n <esm name> -s <secret id>

The main parameters are:

  • -n, --esm-name: Name of the External Secrets Manager.

  • -s, --secret-id: The ID of the secret you would like to fetch.

Additional parameters can be found in the CLI Reference.

The output should look as follows:

{
  "value": "<base64 encoded value>",
  "metadata": {
    "created": "<timestamp>",
    "updated": "<timestamp>"
  }
}
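The list and get outputs above can be chained in a script: list the ESM, keep only enabled secrets, then fetch and decode each value. This is an added example, not Akeyless code; it assumes the CLI writes exactly the JSON shown above to stdout, and fake_run and the sample values are constructed stand-ins so it runs offline.

```python
import base64
import json
import subprocess


def run_cli(args):
    """Run `akeyless <args>` without a shell; stdout is assumed to be the JSON shown above."""
    return subprocess.run(["akeyless", *args], capture_output=True, text=True, check=True).stdout


def enabled_secret_ids(list_output):
    """Map name -> secret_id for `esm list` entries whose status is true."""
    entries = json.loads(list_output).get("secrets_list", [])
    return {e["name"]: e["secret_id"] for e in entries if e.get("status") is True}


def decode_secret(get_output):
    """Return the raw bytes behind the base64 `value` field of `esm get` output."""
    value = json.loads(get_output).get("value")
    if not isinstance(value, str):
        raise ValueError("esm get output has no string 'value' field")
    # validate=True rejects stray characters instead of silently skipping them
    return base64.b64decode(value, validate=True)


def fetch_enabled_secrets(esm_name, run=run_cli):
    """List the ESM, then fetch and decode each enabled secret: {name: bytes}."""
    ids = enabled_secret_ids(run(["esm", "list", "-n", esm_name]))
    return {name: decode_secret(run(["esm", "get", "-n", esm_name, "-s", sid]))
            for name, sid in ids.items()}


# Constructed sample outputs in the shapes shown on this page (not real data).
SAMPLE_LIST = json.dumps({"secrets_list": [
    {"secret_id": "id-1", "name": "db-password", "created": "<timestamp>",
     "type": "<type>", "status": True},
    {"secret_id": "id-2", "name": "old-token", "created": "<timestamp>",
     "type": "<type>", "status": False}]})
SAMPLE_GET = json.dumps({"value": base64.b64encode(b"s3cr3t").decode(),
                         "metadata": {"created": "<timestamp>", "updated": "<timestamp>"}})


def fake_run(args):
    """Hypothetical stand-in for run_cli that replays the constructed samples."""
    return SAMPLE_LIST if args[1] == "list" else SAMPLE_GET


if __name__ == "__main__":
    print(sorted(fetch_enabled_secrets("/demo/gcp-esm", run=fake_run)))  # names only
```

Against a real ESM, call fetch_enabled_secrets with the default run argument and keep the decoded bytes out of logs and terminal output.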

Adding a New Secret to an ESM

To create a new secret in your ESM, use the following command:

akeyless esm create -n <esm name> -s <new secret name> -v <secret value>

The main parameters are:

  • -n, --esm-name: Name of the External Secrets Manager.

  • -s, --secret-name: The name of the secret you would like to create.

  • -v, --value: The value of the secret you would like to create, plaintext or base64 encoded.

Additional parameters can be found in the CLI Reference.

Updating an Existing ESM Secret

To update an existing secret in your ESM, use the following command:

akeyless esm update -n <esm name> -s <secret id> -v <new secret value>

The main parameters are:

  • -n, --esm-name: Name of the External Secrets Manager.

  • -s, --secret-id: The ID of the secret you would like to update.

  • -v, --value: The new value of the secret you would like to update, plaintext or base64 encoded.

Additional parameters can be found in the CLI Reference.

Deleting an Existing ESM Secret

To delete an existing secret in your ESM, use the following command:

akeyless esm delete -n <esm name> -s <secret id>

The main parameters are:

  • -n, --esm-name: Name of the External Secrets Manager.

  • -s, --secret-id: The ID of the secret you would like to delete.

Additional parameters can be found in the CLI Reference.

Creating an External Secrets Manager from the Console

  1. Log in to the Akeyless Console, and go to Secrets & Keys > New > External Secrets Manager.

  2. Select the GCP secret type and click Next.

  3. Define a Name of the External Secrets Manager, and specify the Location as a path to the virtual folder where you want to create the new External Secrets Manager, using slash / separators. If the folder does not exist, it will be created along with the External Secrets Manager.

  4. Define the remaining settings as follows:

  • Description: Optional, enter a description of the External Secrets Manager.

  • Tags: Optional, select one or more tags for the External Secrets Manager, or enter the name of a new tag to be added as part of the creation process.

  • Delete Protection: Optional, turn on this setting to protect the item from deletion.

  • Target: Select an existing GCP Target.

  • Gateway: Select the desired corresponding Gateway.

  5. Click Finish.

GCP External Secrets Details

Once connected to a Target, you can access the External Secrets Manager from your Akeyless Console page. There you can manage your External Secrets and see the following information about each secret:

  • Name: Secret name

  • Location: Secret location

  • Encryption: Encryption information

  • Labels: GCP connected labels

  • Status: Secret status of enabled/disabled

  • Created: Secret date of creation

Selecting a specific secret shows more information and the secret value. You will also have the option to perform actions on the secret.