open-telemetry
diff --git a/‎.chloggen/google-secrets-manager-provider.yaml
Lines changed: 16 additions & 0 deletions b/‎.chloggen/google-secrets-manager-provider.yaml
Lines changed: 16 additions & 0 deletions
diff --git a/‎.codecov.yml
Lines changed: 4 additions & 0 deletions b/‎.codecov.yml
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/CODEOWNERS
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.yaml
Lines changed: 1 addition & 0 deletions b/‎.github/ISSUE_TEMPLATE/bug_report.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/feature_request.yaml
Lines changed: 1 addition & 0 deletions b/‎.github/ISSUE_TEMPLATE/feature_request.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/other.yaml
Lines changed: 1 addition & 0 deletions b/‎.github/ISSUE_TEMPLATE/other.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/unmaintained.yaml
Lines changed: 1 addition & 0 deletions b/‎.github/ISSUE_TEMPLATE/unmaintained.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/component_labels.txt
Lines changed: 1 addition & 0 deletions b/‎.github/component_labels.txt
Lines changed: 1 addition & 0 deletions
diff --git a/‎confmap/provider/googlesecretmanagerprovider/Makefile
Lines changed: 1 addition & 0 deletions b/‎confmap/provider/googlesecretmanagerprovider/Makefile
Lines changed: 1 addition & 0 deletions
diff --git a/‎confmap/provider/googlesecretmanagerprovider/README.md
Lines changed: 61 additions & 0 deletions b/‎confmap/provider/googlesecretmanagerprovider/README.md
Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: new_component
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: confmap/googlesecretmanagerprovider
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Initial implementation of secrets manager provider. Allows fetch secrets from Google Secrets Manager
+
+# One or more tracking issues related to the change
+issues: [39665]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
@@ -32,6 +32,10 @@ component_management:
     name: confmap_provider_aesprovider
     paths:
     - confmap/provider/aesprovider/**
+  - component_id: confmap_provider_googlesecretmanagerprovider
+    name: confmap_provider_googlesecretmanagerprovider
+    paths:
+    - confmap/provider/googlesecretmanagerprovider/**
   - component_id: confmap_provider_s3provider
     name: confmap_provider_s3provider
     paths:
 
@@ -25,6 +25,7 @@ cmd/otelcontribcol/                                              @open-telemetry
 cmd/oteltestbedcol/                                              @open-telemetry/collector-contrib-approvers
 cmd/telemetrygen/                                                @open-telemetry/collector-contrib-approvers @mx-psi @codeboten @Erog38
 confmap/provider/aesprovider/                                    @open-telemetry/collector-contrib-approvers @djaglowski
+confmap/provider/googlesecretmanagerprovider/                    @open-telemetry/collector-contrib-approvers @aabmass @dashpole @jsuereth @psx95 @braydonk @ridwanmsharif
 confmap/provider/s3provider/                                     @open-telemetry/collector-contrib-approvers @Aneurysm9
 confmap/provider/secretsmanagerprovider/                         @open-telemetry/collector-contrib-approvers @atoulme
 connector/countconnector/                                        @open-telemetry/collector-contrib-approvers @djaglowski
 
@@ -25,6 +25,7 @@ body:
       - cmd/oteltestbedcol
       - cmd/telemetrygen
       - confmap/provider/aesprovider
+      - confmap/provider/googlesecretmanagerprovider
       - confmap/provider/s3provider
       - confmap/provider/secretsmanagerprovider
       - connector/count
 
@@ -19,6 +19,7 @@ body:
       - cmd/oteltestbedcol
       - cmd/telemetrygen
       - confmap/provider/aesprovider
+      - confmap/provider/googlesecretmanagerprovider
       - confmap/provider/s3provider
       - confmap/provider/secretsmanagerprovider
       - connector/count
 
@@ -19,6 +19,7 @@ body:
       - cmd/oteltestbedcol
       - cmd/telemetrygen
       - confmap/provider/aesprovider
+      - confmap/provider/googlesecretmanagerprovider
       - confmap/provider/s3provider
       - confmap/provider/secretsmanagerprovider
       - connector/count
 
@@ -24,6 +24,7 @@ body:
       - cmd/oteltestbedcol
       - cmd/telemetrygen
       - confmap/provider/aesprovider
+      - confmap/provider/googlesecretmanagerprovider
       - confmap/provider/s3provider
       - confmap/provider/secretsmanagerprovider
       - connector/count
 
@@ -6,6 +6,7 @@ cmd/otelcontribcol cmd/otelcontribcol
 cmd/oteltestbedcol cmd/oteltestbedcol
 cmd/telemetrygen cmd/telemetrygen
 confmap/provider/aesprovider confmap/provider/aesprovider
+confmap/provider/googlesecretmanagerprovider confmap/provider/googlesecretmanagerprovider
 confmap/provider/s3provider confmap/provider/s3provider
 confmap/provider/secretsmanagerprovider confmap/provider/secretsmanagerprovider
 connector/countconnector connector/count
 
@@ -0,0 +1 @@
+include ../../../Makefile.Common
@@ -0,0 +1,61 @@
+# Google Secrets Provider
+<!-- status autogenerated section -->
+| Status        |           |
+| ------------- |-----------|
+| Stability     | [development]  |
+| Distributions | [] |
+| Issues        | [![Open issues](https://img.shields.io/github/issues-search/open-telemetry/opentelemetry-collector-contrib?query=is%3Aissue%20is%3Aopen%20label%3Aprovider%2Fgooglesecretmanagerprovider%20&label=open&color=orange&logo=opentelemetry)](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues?q=is%3Aopen+is%3Aissue+label%3Aprovider%2Fgooglesecretmanagerprovider) [![Closed issues](https://img.shields.io/github/issues-search/open-telemetry/opentelemetry-collector-contrib?query=is%3Aissue%20is%3Aclosed%20label%3Aprovider%2Fgooglesecretmanagerprovider%20&label=closed&color=blue&logo=opentelemetry)](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues?q=is%3Aclosed+is%3Aissue+label%3Aprovider%2Fgooglesecretmanagerprovider) |
+| Code coverage | [![codecov](https://codecov.io/github/open-telemetry/opentelemetry-collector-contrib/graph/main/badge.svg?component=provider_googlesecretmanagerprovider)](https://app.codecov.io/gh/open-telemetry/opentelemetry-collector-contrib/tree/main/?components%5B0%5D=provider_googlesecretmanagerprovider&displayType=list) |
+| [Code Owners](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/CONTRIBUTING.md#becoming-a-code-owner)    | [@aabmass](https://www.github.com/aabmass), [@dashpole](https://www.github.com/dashpole), [@jsuereth](https://www.github.com/jsuereth), [@psx95](https://www.github.com/psx95), [@braydonk](https://www.github.com/braydonk), [@ridwanmsharif](https://www.github.com/ridwanmsharif) |
+
+[development]: https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/component-stability.md#development
+<!-- end autogenerated section -->
+
+## Summary
+
+This Provider component offers a secure way to reference secrets or sensitive information in collector configurations using [Google Secret Manager](https://cloud.google.com/security/products/secret-manager). Use a placeholder in the format `${googlesecretmanagerprovider:projects/<project Id>/secrets/<secret Id>/versions/<version Id>}` within your configuration. The actual secrets will then be fetched dynamically from [Google Secret Manager](https://cloud.google.com/security/products/secret-manager) during collector initialization.
+## Usage
+
+- Simply replace plaintext secrets within your collector configuration with the placeholder: `${googlesecretmanagerprovider:projects/<project Id>/secrets/<secret Id>/versions/<version Id>}`
+
+An example collector configuration:
+
+```
+receivers:
+  otlp:
+    protocols:
+      grpc:
+      http:
+processors:
+  batch:
+
+exporters:
+  logging:
+    loglevel: debug
+  http:
+    endpoint: "https://example.com/api/metrics"
+    headers:
+      X-API-Key: ${googlesecretmanagerprovider:projects/12345/secrets/my-secret/versions/1}
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [logging, http]
+    metrics:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [logging, http]
+    logs:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [logging, http]
+
+```
+
+### Prerequisites
+1. Make sure to enable access to the [Secret Manager API](https://cloud.google.com/secret-manager/docs/accessing-the-api).
+2. Make sure to [add the secret entries to Google Secret Manager](https://cloud.google.com/secret-manager/docs/create-secret-quickstart) before referencing them in the collector configurations. 
+3. This Provider interacts with Google Secret Manager using the Secret Manager client library. This library uses [Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials) to locate authentication credentials for Secret Manager. Therefore, if you run your collector in a local environment, execute the [`gcloud auth application-default login`](https://cloud.google.com/secret-manager/docs/authentication#client-libs) command to generate the necessary credential file to provide to ADC.
+4. However, if your collector runs on Google Compute Engine (GCE) or Google Kubernetes Engine (GKE), running `gcloud auth application-default login` is optional. This is because ADC can retrieve credentials via [the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#order). However, ensure that your GKE or GCE instance [has enabled the cloud-platform OAuth scope](https://cloud.google.com/secret-manager/docs/accessing-the-api#oauth-scopes). Additionally, verify that the Service Account attached to the GCE or GKE instance has been granted at least the [roles/secretmanager.secretAccessor](https://cloud.google.com/secret-manager/docs/access-control#secret-manager-roles) IAM role to access secret entries in Google Secret Manager.
+