Rift Panel
INTEGRATIONS

GCP Secrets

View secrets from Google Cloud Secret Manager and inject them into terminal sessions as environment variables — without ever writing them to disk.

The GCP Secrets panel connects to Google Cloud Secret Manager and lists the secrets available in your active project. From this panel you can browse secret names, view metadata, and inject specific secret values into running terminal sessions as environment variables. The panel is designed with a security-first approach: secret values are held only in memory and are never written to disk, config files, or Rift Panel's persisted workspace state.

Viewing Secrets

When the panel opens, it fetches the list of secrets from Secret Manager for the active GCP project. Each secret entry displays:

  • Secret name — The identifier used to reference this secret
  • Created — When the secret was first created
  • Last updated — When the latest version was added
  • Version count — How many versions exist for this secret
  • Replication policy — Automatic or user-managed replication

The list supports search filtering by secret name. For projects with dozens or hundreds of secrets, type a partial name in the search bar to narrow the list instantly.

Secret values are not fetched or displayed by default. You must explicitly request a value through the injection workflow described below. This prevents accidental exposure of sensitive data in the panel view.

Secret Injection

To inject a secret value into a terminal session:

  1. Click the inject button (syringe icon) next to the secret you want to use.
  2. A dialog appears asking you to select the target terminal session from a list of all running sessions in the workspace.
  3. Optionally customize the environment variable name. By default, Rift Panel converts the secret name to uppercase with underscores (e.g., api-key becomes API_KEY).
  4. Click "Inject" to set the environment variable in the selected session.

Under the hood, Rift Panel fetches the latest version of the secret value from Secret Manager, then sets it as an environment variable in the target session's PTY process using an export command. The value is transmitted directly from the API response to the terminal process and is not stored in any intermediate location.

You can inject multiple secrets into the same session. Each injection adds a new environment variable without affecting previously injected values.

Security

The GCP Secrets panel follows strict security practices to minimize the risk of accidental secret exposure:

  • No disk persistence — Secret values are never written to disk. They exist only in memory during the brief window between the API fetch and the environment variable export.
  • No workspace state — Injected secrets are not saved in Rift Panel's workspace persistence layer. If you restart Rift Panel, previously injected environment variables are gone and must be re-injected.
  • No clipboard — The panel does not provide a "copy to clipboard" action for secret values. Injection into a terminal session is the only way to access a value.
  • Audit logging — Every secret access is logged by Google Cloud's audit logs on the server side, providing a record of who accessed which secret and when.

Warning: Exercise caution when injecting secrets in shared or screen-shared environments. The export command used to set the environment variable may be visible in the terminal's scrollback buffer. If you are sharing your screen or recording a session, the secret value could be exposed to viewers. Consider clearing the terminal buffer after injection with Ctrl+L or the clear command.