GCP Secret Management Demo Tool
Registered values are encrypted using Cloud KMS in Cloud Datastor and saved.
For example, when key = sample, value = hoge is registered.
In Datastore, the value encrypted with Cloud KMS is saved.
With IAP, you can control with Google Account and GCP Service Account. When using Service Account in CI, it is good to use iap_curl .
iap_curl https://{app engine project}/api/1/secret/sample
{"key":"sample","value":"hoge"}
If you want to control with IP Addr, use App Engine Firewall. IAP and Firewall can be used at the same time.
Save the App Engine log to BigQuery and check it with DataStudio.