I would like to keep my use access tokens to GCP encrypted in my operating system’s keychain and use them easily with gcloud CLI.
So, does aws-vault for gcp exist to secure my own tokesn when accessing gcp?
This is unrelated to AWS Secret Manager
Asked
Active
Viewed 394 times
2 Answers
0
It sounds like you want Google Secret manager.
From the documentation, it claims to:
Store API keys, passwords, certificates, and other sensitive data.
which sounds like it does what you want it to do.
However, you state
I would like to keep my tokens encrypted in my operating system’s keychain
-- I don't see why you would want to do that though, if you have secrets manager. The secrets manager should be the source of truth, and the machine should be authorised via IAM to access specific secrets on demand, not persisted in the OS keychain. If the OS is compromised, the secrets will be exposed, whilst the attacker would need to break secrets manager or IAM in order to access them if they are consumed uniquely from secrets manager.
Bruce Becker
- 3,783
- 4
- 20
- 41
0
Late answer, but for the record, Google Cloud Cli has built-in support for multi-account, with automatic credentials renewal, so there's no need for an external tool like aws-vault for AWS.
Kien Truong
- 101
- 1