Added a New Provider Component - Google Secrets Provider

.chloggen/google-secrets-manager-provider.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: new_component
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: confmap/googlesecretsprovider
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Initial implementation of secrets manager provider. Allows fetch secrets from Google Secrets Manager
+
+# One or more tracking issues related to the change
+issues: [39665]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

.github/CODEOWNERS

@@ -27,6 +27,7 @@ cmd/telemetrygen/                                                @open-telemetry
 confmap/provider/aesprovider/                                    @open-telemetry/collector-contrib-approvers @djaglowski
 confmap/provider/s3provider/                                     @open-telemetry/collector-contrib-approvers @Aneurysm9
 confmap/provider/secretsmanagerprovider/                         @open-telemetry/collector-contrib-approvers @atoulme
+confmap/provider/googlesecretsprovider/                          @open-telemetry/collector-contrib-approvers @XuechunHou
 connector/countconnector/                                        @open-telemetry/collector-contrib-approvers @djaglowski
 connector/datadogconnector/                                      @open-telemetry/collector-contrib-approvers @mx-psi @dineshg13 @ankitpatel96 @jade-guiton-dd @IbraheemA
 connector/exceptionsconnector/                                   @open-telemetry/collector-contrib-approvers @marctc

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -25,6 +25,7 @@ body:
       - cmd/oteltestbedcol
       - cmd/telemetrygen
       - confmap/provider/aesprovider
+      - confmap/provider/googlesecretsprovider
       - confmap/provider/s3provider
       - confmap/provider/secretsmanagerprovider
       - connector/count

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -19,6 +19,7 @@ body:
       - cmd/oteltestbedcol
       - cmd/telemetrygen
       - confmap/provider/aesprovider
+      - confmap/provider/googlesecretsprovider
       - confmap/provider/s3provider
       - confmap/provider/secretsmanagerprovider
       - connector/count

.github/ISSUE_TEMPLATE/other.yaml

@@ -19,6 +19,7 @@ body:
       - cmd/oteltestbedcol
       - cmd/telemetrygen
       - confmap/provider/aesprovider
+      - confmap/provider/googlesecretsprovider
       - confmap/provider/s3provider
       - confmap/provider/secretsmanagerprovider
       - connector/count

.github/ISSUE_TEMPLATE/unmaintained.yaml

@@ -24,6 +24,7 @@ body:
       - cmd/oteltestbedcol
       - cmd/telemetrygen
       - confmap/provider/aesprovider
+      - confmap/provider/googlesecretsprovider
       - confmap/provider/s3provider
       - confmap/provider/secretsmanagerprovider
       - connector/count

confmap/provider/googlesecretsprovider/Makefile

@@ -0,0 +1 @@
+include ../../../Makefile.Common

confmap/provider/googlesecretsprovider/README.md

@@ -0,0 +1,59 @@
+# Google Secrets Provider
+<!-- status autogenerated section -->
+| Status        |           |
+| ------------- |-----------|
+| Stability     | [development]  |
+| Distributions | [] |
+| Issues        | [![Open issues](https://img.shields.io/github/issues-search/open-telemetry/opentelemetry-collector-contrib?query=is%3Aissue%20is%3Aopen%20label%3Aprovider%2Fgooglesecretsprovider%20&label=open&color=orange&logo=opentelemetry)](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues?q=is%3Aopen+is%3Aissue+label%3Aprovider%2Fgooglesecretsprovider) [![Closed issues](https://img.shields.io/github/issues-search/open-telemetry/opentelemetry-collector-contrib?query=is%3Aissue%20is%3Aclosed%20label%3Aprovider%2Fgooglesecretsprovider%20&label=closed&color=blue&logo=opentelemetry)](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues?q=is%3Aclosed+is%3Aissue+label%3Aprovider%2Fgooglesecretsprovider) |
+| [Code Owners](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/CONTRIBUTING.md#becoming-a-code-owner)    | [@XuechunHou](https://www.github.com/XuechunHou) |
+
+[development]: https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/component-stability.md#development
+<!-- end autogenerated section -->
+
+## Summary
+
+This Provider component offers Otel users a secure way to reference secrets or sensitive information in their Otel Collector configurations using [Google Secret Manager](https://cloud.google.com/security/products/secret-manager). Users place placeholders in the format `${googlesecretsprovider:projects/<project Id>/secrets/<secret Id>/versions/<version Id>}` within their configurations. The actual secrets will then be fetched dynamically from [Google Secret Manager](https://cloud.google.com/security/products/secret-manager) during Otel Collector initialization.
+## How it works
+
+- Simply replace plaintext secrets within the Otel configurations with the placeholder: `${googlesecretsprovider:projects/<project Id>/secrets/<secret Id>/versions/<version Id>}`
+
+An example Otel configuration:
+
+```
+receivers:
+  otlp:
+    protocols:
+      grpc:
+      http:
+processors:
+  batch:
+
+exporters:
+  logging:
+    loglevel: debug
+  http:
+    endpoint: "https://example.com/api/metrics"
+    headers:
+      X-API-Key: ${googlesecretsprovider:projects/12345/secrets/my-secret/versions/1}
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [logging, http]
+    metrics:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [logging, http]
+    logs:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [logging, http]
+
+```
+
+### Prerequisites
+1. Make sure to enable access to the [Secret Manager API](https://cloud.google.com/secret-manager/docs/accessing-the-api).
+2. Make sure to [add the secret entries to Google Secret Manager](https://cloud.google.com/secret-manager/docs/create-secret-quickstart) before referencing them in the Otel configurations. 
+
+

confmap/provider/googlesecretsprovider/go.mod

@@ -0,0 +1,55 @@
+module github.com/open-telemetry/opentelemetry-collector-contrib/confmap/provider/googlesecretsprovider
+
+go 1.25
+
+require (
+	cloud.google.com/go/secretmanager v1.14.7
+	github.com/googleapis/gax-go/v2 v2.14.1
+	github.com/stretchr/testify v1.10.0
+	go.opentelemetry.io/collector/confmap v1.30.0
+	go.uber.org/goleak v1.3.0
+)
+
+require (
+	cloud.google.com/go/auth v0.16.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
+	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cloud.google.com/go/iam v1.5.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
+	github.com/hashicorp/go-version v1.7.0 // indirect
+	github.com/knadh/koanf/maps v0.1.2 // indirect
+	github.com/knadh/koanf/providers/confmap v0.1.0 // indirect
+	github.com/knadh/koanf/v2 v2.1.2 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/collector/featuregate v1.30.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
+	go.opentelemetry.io/otel v1.35.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/trace v1.35.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.37.0 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/oauth2 v0.29.0 // indirect
+	golang.org/x/sync v0.13.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	google.golang.org/api v0.229.0 // indirect
+	google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e // indirect
+	google.golang.org/grpc v1.71.1 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

confmap/provider/googlesecretsprovider/metadata.yaml

@@ -0,0 +1,8 @@
+type: googlesecretsprovider
+
+status:
+  class: provider
+  stability:
+    development: [provider]
+  codeowners:
+    active: [dashpole]