Key Management

We manage cryptographic keys and secrets using Google Cloud Secret Manager, which provides secure storage and access control for all sensitive keys, tokens, and credentials. Access to secrets is tightly controlled using Google Cloud IAM policies, ensuring that only a very limited number of authorized personnel can retrieve or manage these keys.

All access to secrets is logged and audited, enabling traceability and accountability for key usage. While we currently do not have an automated key rotation policy, we rely on Google Cloud Secret Manager’s secure infrastructure to protect keys at rest and in transit.

We do not use hardware security modules (HSMs) at this time but benefit from Google Cloud’s managed security features and best practices for key protection, including encrypted storage and secure access controls.