(copy from Stackoverflow) Google Secret Manager- allow Compute Engine to auto-renew the certificates

Below is what I've posted at stackoverflow here that is not getting attention. I hope someone here is able to guide me to find the right answer.

I come with Azure background. In Azure, I could establish Key Vault (Azure's version of Google's secret manager) to store SSL certificates and set up VMs accordingly to pull certs from this. New versions uploaded to the Key Vault will auto-renew all the VMs that are set up to pull the certifcates from this Key Vault.

Can I do the same thing in Google so that Compute Engine pulls the certificates from the Secret Manager automatically?

I did some search but no prevalent results were found.

It is possible to store SSL certificate in secret manager

As explained in the Google cloud official document :

Secret Manager is a new Google Cloud service that provides a secure and convenient method for storing API keys, passwords, certificates, and other sensitive data.

You need to create a service account on each compute engine instance, install a secret manager and authenticate service account.configure web server running in each compute engine instance to use SSL certificate.

You need to set up a VM with a configuration to pull certificates from the secret manager and config infra to check and update in a timely manner.

Refer this official document for how to create and authenticate service accounts.

For more information on Secret Manager refer to this blog by Juan Guillermo Gómez Torres.

For your information In GCP have two types of SSL certificates

1.Google-managed SSL certificates

In Google -managed SSL certificates Google renews the certificates automatically.

2.self managed SSL certificates

Self-managed SSL certificates are certificates that you obtain, provision, and renew yourself.