Google Cloud announced the general availability of delayed destruction for Secret Manager, a new way to protect your secrets. This capability helps ensure that secret material cannot be erroneously deleted, whether by accident or as part of a deliberate attack.

One of the challenges customers have faced while managing the secret material lifecycle in Secret Manager is that the destruction of a secret version is an irreversible step. This means there is no way to recover your secret material if it is destroyed.

To address this challenge, Google Cloud has introduced delayed destruction. With delayed destruction, a secret version that is destroyed is not erased immediately; it remains in a disabled state for N days, a period that administrators configure in the TTL_DURATION field. During this holding period, an administrator can revive the secret version by re-enabling it, which returns it to the enabled state. Once the delay period expires, the secret version is permanently destroyed.

In addition, Google Cloud has added a new optional Pub/Sub notification, SECRET_VERSION_DESTROY_SCHEDULED. Once enabled, every scheduled destruction publishes a message to the configured Pub/Sub topic, so on-call personnel can review the change and, if necessary, restore the secret version rather than let the destruction proceed.
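As an added example (not Google's code and not part of the original post), here is a small triage helper an on-call automation could run on those notifications: it parses a constructed Pub/Sub message, accepts only the SECRET_VERSION_DESTROY_SCHEDULED event type, checks the secret against a protected list, and re-enables the version to cancel the pending destruction. The attribute names eventType and secretId, the JSON body fields name and scheduledDestroyTime, and the project and secret names are assumptions to verify against the event notification schema.

```python
"""Triage helper for SECRET_VERSION_DESTROY_SCHEDULED events (added example)."""
import base64
import json
from dataclasses import dataclass
from typing import Optional

DESTROY_SCHEDULED = "SECRET_VERSION_DESTROY_SCHEDULED"

@dataclass
class ScheduledDestroy:
    version: str         # projects/P/secrets/S/versions/N
    scheduled_time: str  # RFC 3339 timestamp from the version resource

    @property
    def secret(self) -> str:
        return self.version.rsplit("/versions/", 1)[0]

def parse_notification(message: dict) -> Optional[ScheduledDestroy]:
    """Return the scheduled destruction carried by a Pub/Sub message, or None
    for any other event type. Assumed layout: attributes.eventType plus a
    base64 JSON body with the SecretVersion fields name/scheduledDestroyTime."""
    attrs = message.get("attributes") or {}
    if attrs.get("eventType") != DESTROY_SCHEDULED:
        return None
    body = json.loads(base64.b64decode(message["data"]).decode("utf-8"))
    return ScheduledDestroy(body["name"], body.get("scheduledDestroyTime", ""))

def should_restore(event: ScheduledDestroy, protected: set) -> bool:
    """Auto-revive only versions of secrets on the protected list; anything
    else is left for the on-call engineer to decide."""
    return event.secret in protected

def restore_version(name: str) -> None:
    """Re-enable the version, which cancels the scheduled destruction. Needs
    google-cloud-secret-manager and credentials; imported lazily so the
    parsing logic above runs offline."""
    from google.cloud import secretmanager
    client = secretmanager.SecretManagerServiceClient()
    client.enable_secret_version(request={"name": name})

# Constructed sample message (not captured from a real project).
_BODY = {"name": "projects/example-proj/secrets/db-password/versions/3",
         "state": "DISABLED", "scheduledDestroyTime": "2024-06-01T00:00:00Z"}
SAMPLE_MESSAGE = {
    "attributes": {"eventType": DESTROY_SCHEDULED,
                   "secretId": "projects/example-proj/secrets/db-password"},
    "data": base64.b64encode(json.dumps(_BODY).encode()).decode(),
}
```

Wire `parse_notification` and `should_restore` into a Pub/Sub pull or push subscriber and call `restore_version` only when the check passes; notifications for non-protected secrets still deserve a human look before the TTL runs out.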

The delayed destruction feature is a valuable addition to Secret Manager. It gives customers more control over the lifecycle of their secret material and helps ensure that important secrets cannot be accidentally or maliciously deleted.

I'm particularly excited about the Pub/Sub notification capability. This will give teams more visibility into attempts to destroy secret versions, allowing them to take appropriate actions to protect their data.

I recommend that organizations using Secret Manager enable the delayed destruction feature for all of their important secrets. This will help to improve their security posture and protect their data from accidental deletion.