Secret Manager

Secret Manager stores API keys, passwords and certs with versioning and replication policies.

• CI secrets
• App config
• Test credentials

1. Enable API.
2. Create secret + add version.
3. Grant `roles/secretmanager.secretAccessor` to consumer SA.

• Inject test API keys at runtime instead of baking into images.