> For the complete documentation index, see [llms.txt](https://docs.paradime.io/app-help/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.paradime.io/app-help/documentation/integrations/secret-managers/gcp-secret-manager.md).

# GCP Secret Manager

## GCP Secret Manager

Connect GCP Secret Manager to Paradime so you can reference secrets by resource name in your environment variables and connection profiles — without ever storing plaintext credentials in Paradime.

### Prerequisites

* A Google Cloud project with the **Secret Manager API** enabled.
* A service account with the **Secret Manager Secret Accessor** role (`roles/secretmanager.secretAccessor`) on the secrets you want to reference.
* A JSON key file for the service account.

### Step 1 — Create a service account

1. In the **Google Cloud Console**, go to **IAM & Admin > Service accounts**.
2. Click **Create Service Account** and give it a descriptive name (e.g. `paradime-secrets`).
3. Grant the service account the **Secret Manager Secret Accessor** role on the project or on individual secrets.
4. Under **Keys**, click **Add Key > Create new key**, select **JSON**, and download the key file.

{% hint style="info" %}
For least-privilege access, grant the role on individual secrets rather than at the project level.
{% endhint %}

### Step 2 — Connect in Paradime

1. Navigate to **Settings > Integrations**.
2. Find **GCP Secret Manager** under the **Secret Managers** category and click **Connect**.
3. Fill in the required fields:

| Field                            | Description                                                                            |
| -------------------------------- | -------------------------------------------------------------------------------------- |
| **Service Account JSON**         | Paste the full contents of the JSON key file downloaded in Step 1.                     |
| **Default Project** *(optional)* | A default GCP project ID. If set, you can omit the project from short-form references. |

4. Click **Test connection** to verify the credentials.

### Step 3 — Reference secrets

Once connected, use GCP Secret Manager resource names anywhere Paradime accepts environment variable values or connection profile fields.

#### Reference format

```
projects/<project-id>/secrets/<secret-name>/versions/latest
```

To pin a specific version:

```
projects/<project-id>/secrets/<secret-name>/versions/<version-number>
```

#### Extracting a JSON key

If your secret value is a JSON object, append `#key_name` to extract a specific field:

```
projects/my-project/secrets/prod-db-creds/versions/latest#password
```

#### Example — Bolt environment variable

| Variable             | Value                                                            |
| -------------------- | ---------------------------------------------------------------- |
| `SNOWFLAKE_PASSWORD` | `projects/my-project/secrets/snowflake-password/versions/latest` |

Paradime resolves the resource name to the live secret value at schedule run time. The plaintext value is never stored in Paradime.

### Disconnecting

To remove the GCP Secret Manager integration:

1. Navigate to **Settings > Integrations**.
2. Click **Disconnect** on the GCP Secret Manager card.

{% hint style="warning" %}
Any environment variables or profile fields that reference GCP Secret Manager resource names will fail to resolve after disconnecting. Update them to use literal values before disconnecting.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.paradime.io/app-help/documentation/integrations/secret-managers/gcp-secret-manager.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.