GCP Secret Manager
GCP Secret Manager
Connect GCP Secret Manager to Paradime so you can reference secrets by resource name in your environment variables and connection profiles — without ever storing plaintext credentials in Paradime.
Prerequisites
A Google Cloud project with the Secret Manager API enabled.
A service account with the Secret Manager Secret Accessor role (
roles/secretmanager.secretAccessor) on the secrets you want to reference.A JSON key file for the service account.
Step 1 — Create a service account
In the Google Cloud Console, go to IAM & Admin > Service accounts.
Click Create Service Account and give it a descriptive name (e.g.
paradime-secrets).Grant the service account the Secret Manager Secret Accessor role on the project or on individual secrets.
Under Keys, click Add Key > Create new key, select JSON, and download the key file.
For least-privilege access, grant the role on individual secrets rather than at the project level.
Step 2 — Connect in Paradime
Navigate to Settings > Integrations.
Find GCP Secret Manager under the Secret Managers category and click Connect.
Fill in the required fields:
Service Account JSON
Paste the full contents of the JSON key file downloaded in Step 1.
Default Project (optional)
A default GCP project ID. If set, you can omit the project from short-form references.
Click Test connection to verify the credentials.
Step 3 — Reference secrets
Once connected, use GCP Secret Manager resource names anywhere Paradime accepts environment variable values or connection profile fields.
Reference format
To pin a specific version:
Extracting a JSON key
If your secret value is a JSON object, append #key_name to extract a specific field:
Example — Bolt environment variable
SNOWFLAKE_PASSWORD
projects/my-project/secrets/snowflake-password/versions/latest
Paradime resolves the resource name to the live secret value at schedule run time. The plaintext value is never stored in Paradime.
Disconnecting
To remove the GCP Secret Manager integration:
Navigate to Settings > Integrations.
Click Disconnect on the GCP Secret Manager card.
Any environment variables or profile fields that reference GCP Secret Manager resource names will fail to resolve after disconnecting. Update them to use literal values before disconnecting.
Last updated
Was this helpful?