GoogleCloudPlatform/cloud-foundation-fabric

Documentation Usage Secret Manager

Closed this issue · 3 comments

Describe the bug
Currently, there is no description of how and in which projects the GCP Secret Manager is recommended to be used. By GCP security best practices, it is recommended to use centralized projects similar to KMS.

Expected behavior
The documentation of stage 2-security should include the recommendation to use such projects for Secret Manager.

I don't understand this.

What do you mean by "how and in which projects the GCP Secret Manager is recommended to be used"? Are you talking about where Secret Manager is created, or where the secrets are used from?

The documentation https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/blob/master/fast/stages/2-security/README.md describes the security projects to be used for KMS and VPC-SC. It would make sense to enrich the KMS section or create a new section to include Secret Manager.

That's because we're actually not creating any secret manager. The networking security stage only deals with KMS and VPC-SC.

IMO this is not relevant to FAST