A company is using Cloud Functions (2nd gen) to process files uploaded to Cloud Storage. The function needs to access a Cloud SQL (PostgreSQL) database. What is the most secure way to store and provide the database password to the function?
Secret Manager is the secure way to store and access secrets with fine-grained IAM.
Why this answer
Option C is correct because Secret Manager is the recommended service for storing secrets with IAM controls. Option A is wrong because Cloud Storage buckets may have broader access and are not designed for secrets. Option B is wrong because hardcoding is insecure.
Option D is wrong because KMS encrypts data but Secret Manager provides a simpler and more integrated secret storage solution.