How do I handle secrets in Google Cloud Functions?

没有蜡笔的小新 2021-02-13 23:44

What is the common practice here? There seems to be no tools provided by gcloud. I'm deploying functions from local machine for now, so I can hardcode secrets, but

3 Answers
  •  名媛妹妹
    2021-02-14 00:01

    You should use Cloud Key Management Service (KMS).
    Don't push pure secrets to Cloud Functions with files or environment variables.

    One solution is as follows:

    1. Create a key on Cloud KMS
    2. Encrypt the secret file with that key
    3. Upload the encrypted secret file to Google Cloud Storage (GCS) (accessible by a specified user)
    4. In Cloud Function execution, get the uploaded secret file from GCS, decrypt it, and use it

    [Ref] Secret management using the Google Cloud Platform
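
Step 4 of the answer above, as an added example that is not part of the original answer: a Python function that downloads the encrypted file from GCS, decrypts it with Cloud KMS, and caches the result per instance. The bucket, object and key names and the `handler` entry point are placeholder assumptions; the clients are injectable so the logic can be exercised without GCP access.

```python
"""Fetch a KMS-encrypted secret from GCS and decrypt it inside the function.
All resource names below are placeholders (assumptions), not from the answer."""
import functools

BUCKET = "example-secrets-bucket"   # placeholder bucket name
BLOB = "app/secrets.json.enc"       # placeholder object name (ciphertext)
KEY = ("projects/example-project/locations/global/"
       "keyRings/example-ring/cryptoKeys/example-key")  # placeholder key


def fetch_and_decrypt(bucket, blob, key_name, storage_client=None, kms_client=None):
    """Download ciphertext from GCS and decrypt it with Cloud KMS.

    When no clients are passed, the real google-cloud-storage and
    google-cloud-kms clients are created; they authenticate as the
    function's runtime service account.
    """
    if storage_client is None:
        from google.cloud import storage  # package: google-cloud-storage
        storage_client = storage.Client()
    if kms_client is None:
        from google.cloud import kms  # package: google-cloud-kms
        kms_client = kms.KeyManagementServiceClient()

    ciphertext = storage_client.bucket(bucket).blob(blob).download_as_bytes()
    if not ciphertext:
        # Fail closed: never continue with an empty or default secret.
        raise RuntimeError("encrypted secret object is empty")
    response = kms_client.decrypt(
        request={"name": key_name, "ciphertext": ciphertext}
    )
    return response.plaintext


@functools.lru_cache(maxsize=1)
def get_secret():
    """Decrypt once per instance; warm invocations reuse the in-memory copy."""
    return fetch_and_decrypt(BUCKET, BLOB, KEY)


def handler(request):
    """HTTP entry point (hypothetical name). The secret is used but never
    logged or returned to the caller."""
    secret = get_secret()
    return "secret loaded ({} bytes)".format(len(secret))
```

The function's service account needs only decrypt permission on that one key and read access to that one object; the plaintext stays in memory and is never written to disk or logs.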
