Skip to main content
Bifrost integrates with Google Cloud Secret Manager for secure key storage, allowing you to store provider API keys and virtual keys in your Google Cloud environment and automatically sync them into Bifrost.

Configuration

Add a vault block to your Bifrost configuration to connect to Google Secret Manager: 
{
  "vault": {
    "type": "google_secret_manager",
    "project_id": "your-project-id",
    "credentials_file": "/path/to/service-account.json",
    "sync_interval": "300s"
  }
}

Configuration Fields

FieldTypeDescription
typestringMust be set to "google_secret_manager" to use Google Secret Manager.
project_idstringThe Google Cloud project ID where your secrets are stored.
credentials_filestringPath to the Google Cloud service account JSON credentials file used for authentication.
sync_intervalstringHow often Bifrost syncs keys from Google Secret Manager. Accepts duration strings such as "300s", "5m", or "1h".
The sync_interval field controls how frequently Bifrost polls your vault for key changes. Lower intervals detect changes faster but increase load on your vault server. See the Vault Support page for full sync configuration options including sync_paths and auto_deprecate.
For key synchronization, deprecation management, and security configuration, see Vault Support.