Secret Management

Configure secret management for your self-hosted platform

Overview

Platform Options

  • HashiCorp Vault
  • Google Secret Manager

Key Features

  • Secrets management
  • Encryption key storage
  • Secure credentials handling
  • Private key management

Deployment Options

Google Secret Manager Setup

Enable the Secret Manager API

  • Go to Google Cloud Console
  • Navigate to Secret Manager
  • Enable the Secret Manager API for your project

Create Service Account

  • Navigate to IAM & Admin > Service Accounts
  • Create a new service account
  • Grant the following roles:
    • Secret Manager Admin

Download Credentials

  • Create and download a JSON key for the service account
  • Keep this file secure - you'll need it during platform installation

Google Secret Manager provides:

  • Fully managed service
  • Automatic replication
  • Fine-grained IAM controls
  • Audit logging

Helm Chart Values:

# values.yaml for Helm installation
googleSecretManager:
  # -- Enable Google Secret Manager integration
  enabled: true
  # -- The Google Cloud project ID
  projectId: "your-project-id"
  # -- The Google Cloud service account credentials JSON
  credentials: |
    {
      // Your service account JSON key
    }

Make sure to:

  1. Enable Google Secret Manager in your Helm values
  2. Use the same project ID and credentials as in your platform configuration
  3. Properly format the service account JSON credentials

Information Collection

Required Values for Platform Installation

Choose one of the following configurations for your Helm values:

For Google Secret Manager:

  • GCP Project ID
  • Service Account JSON key

# values.yaml
vault:
  enabled: false
 
googleSecretManager:
  enabled: true
  projectId: "your-project-id"
  credentials: |
    {
      // Your service account JSON key
    }

For HashiCorp Vault:

  • Vault address/endpoint
  • Role ID
  • Secret ID
  • Namespace (if using HCP Vault: admin)

# values.yaml
googleSecretManager:
  enabled: false
 
vault:
  enabled: true
  address: "https://vault-cluster.hashicorp.cloud:8200"
  namespace: "admin" # Required for HCP Vault
  roleId: "your-role-id"
  secretId: "your-secret-id"

Make sure to:

  1. Enable only one secret management solution (vault or googleSecretManager)
  2. Disable the other option by setting enabled: false
  3. Provide all required values for your chosen solution
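
These checks can be run against the values before installation. The following Python check is an added example, not part of the platform's own tooling. It assumes values.yaml has already been parsed into a dict and that the service account was created in the same project as the secrets; the function names and sample values are hypothetical.

```python
import json

# Fields present in a Google service account JSON key file.
SA_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")
VAULT_FIELDS = ("address", "roleId", "secretId")

def check_values(values):
    """Return a list of problems in parsed Helm values (a dict); empty means OK."""
    cfg = {n: values.get(n) or {} for n in ("googleSecretManager", "vault")}
    enabled = [n for n, c in cfg.items() if c.get("enabled") is True]
    problems = []
    if len(enabled) != 1:
        problems.append(f"exactly one backend must be enabled, found {enabled}")
    if "googleSecretManager" in enabled:
        problems += _check_gsm(cfg["googleSecretManager"])
    if "vault" in enabled:
        problems += _check_vault(cfg["vault"])
    return problems

def _check_gsm(gsm):
    if not gsm.get("projectId"):
        return ["googleSecretManager.projectId is empty"]
    try:
        key = json.loads(gsm.get("credentials") or "")
    except json.JSONDecodeError as exc:
        return [f"credentials is not valid JSON: {exc.msg}"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return ["credentials is not a service account key"]
    problems = [f"credentials missing field {f}" for f in SA_FIELDS if not key.get(f)]
    # Assumption: the service account lives in the same project as the secrets.
    if key.get("project_id") != gsm["projectId"]:
        problems.append("credentials project_id differs from projectId")
    return problems

def _check_vault(vault):
    problems = [f"vault.{f} is empty" for f in VAULT_FIELDS if not vault.get(f)]
    if not str(vault.get("address") or "").startswith("https://"):
        problems.append("vault.address must use https://")
    return problems

# Constructed sample: both backends enabled, placeholder key left in place.
SAMPLE = {
    "googleSecretManager": {"enabled": True, "projectId": "your-project-id",
                            "credentials": "{\n  // Your service account JSON key\n}\n"},
    "vault": {"enabled": True, "address": "http://vault.example.internal:8200",
              "namespace": "admin", "roleId": "your-role-id", "secretId": ""},
}
if __name__ == "__main__":
    print("\n".join(check_values(SAMPLE)) or "OK")
```

The placeholder credentials block shown in the values above fails this check until it is replaced with the real key file contents, because JSON does not allow // comments.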

Validation

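# Set environment variables
export GOOGLE_APPLICATION_CREDENTIALS="path/to/service-account.json"
export PROJECT_ID="your-project-id"

# Authenticate gcloud as the service account (gcloud does not read GOOGLE_APPLICATION_CREDENTIALS)
gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"

# Verify access
gcloud secrets list --project="$PROJECT_ID"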

Troubleshooting

Google Secret Manager Issues

  • Verify service account permissions
  • Check credentials file format
  • Confirm API is enabled
  • Validate project ID

Vault Issues

  • Verify Vault address
  • Check network access
  • Confirm TLS settings
  • Validate namespace (HCP)

Need help? Contact [email protected] if you encounter any issues.