Storing your environment data or secrets in Datastore, in a bucket using GCS may be rather considered as the usual thing to do in this environment. More about the encryption capabilities of the platform can be read in the "Encryption at Rest" document <https://cloud.google.com/security/encryption-at-rest/>.
App Engine allows you to make use of appropriate services, that provide you with tools allowing to store safely configuration and secrets. Cloud KMS is a REST API that can use a key to encrypt or decrypt data, such as secrets, for storage. You may read details on the "CLOUD KEY MANAGEMENT SERVICE" documentation page <https://cloud.google.com/kms/>. You may be interested in the "App Identity API <https://cloud.google.com/appengine/docs/standard/java/appidentity/#Java_Asserting_identity_to_other_systems>" as well. Environment variables can be made available to the app by specifying them at deployment time in the app.yaml file, as describe in the "Configuring your App with app.yaml" documentation page <https://cloud.google.com/appengine/docs/flexible/nodejs/configuring-your-app-with-app-yaml>, both for flex and standard environments. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/876c7ac7-4d93-4c2c-8bf3-8c83505e3cf9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
