Google IAM Service Account Key Secret Template for RPC
Overview
This document briefly discusses using Secret Server Remote Password Changing (RPC) for Google IAM accounts. With Remote Password Changing (RPC), secrets can automatically change remote account passwords when a secret expires, either immediately or on a defined schedule. In addition, the new passwords’ strengths and other qualities are completely configurable. See the Password Changer List for a complete list of available password changers.
Secret Server can manage Google Cloud Platform (GCP) service accounts and VM instances. For more details, see Google Cloud Platform Discovery.
Assigning a Password Changer to a Secret Template
After completing the RPC setup, you can manage the built-in secret templates. Each secret template corresponds to a specific application and is preconfigured with the password changer best suited to it. For the Google Cloud Platform, we want the Google IAM Service Account Key template.
You can view and modify secret templates in the Secret Server administration panel. See Creating or Editing Secret Templates for more on the available options. Ensure that the secret template is in active status. See Activating and Deactivating Templates for details.
Navigate to Admin > Secret Templates, and select the Google IAM Service Account Key template from the list (or use the search box if you don't see it). On the template page, select the Mapping tab.
You can check which secret template conforms to the selected RPC. The screenshot below shows that the Google IAM Service Account Key RPC refers to the selected Google IAM secret template. It is possible to assign several password changers to one secret template. For more information, see Assigning a Password Changer to a Secret Template.
Secret templates determine the fields, launchers, and the remote password changer for secrets. To use the Google IAM Directory template on a secret, see Managing Secrets.