Stay organized with collections
Save and categorize content based on your preferences.
Secrets have global names and globally replicated metadata, but the location
where the secret payload data is stored can be controlled using the replication
policy. Each secret has its own replication policy which is set at creation.
The locations in the replication policy cannot be updated.
A secret with an automatic replication policy has its payload data replicated
without restriction. This is the simplest configuration and is recommended for
most users. When creating a secret using the Google Cloud CLI or the web
UI, this is the default replication policy.
For billing purposes, a secret with an automatic
replication policy is considered to be stored in a single location.
For purposes of
resource location organization policy
evaluation, a secret with an automatic replication policy can only be created
if resource creation in global is allowed.
User Managed
A secret with a user managed replication policy has its payload data replicated
to a user configured set of locations. The secret can be replicated to any
number of supported locations. This may be
useful if there are requirements around where the secret payload data can be
stored.
For billing purposes, each location in the
user managed replication policy is considered a separate location.
For purposes of
resource location organization policy
evaluation, a secret with a user managed replication policy can only be created
if resource creation is allowed in all the selected locations.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Choose a replication policy\n\nSecrets have global names and globally replicated metadata, but the location\nwhere the secret payload data is stored can be controlled using the replication\npolicy. Each secret has its own replication policy which is set at creation.\nThe locations in the replication policy cannot be updated. \n\nThere are two replication policy types: [Automatic](#automatic) and\n[User Managed](#user-managed).\n\nAutomatic\n---------\n\nA secret with an automatic replication policy has its payload data replicated\nwithout restriction. This is the simplest configuration and is recommended for\nmost users. When creating a secret using the Google Cloud CLI or the web\nUI, this is the default replication policy.\n\nFor [billing purposes](/secret-manager/pricing), a secret with an automatic\nreplication policy is considered to be stored in a single location.\n\nFor purposes of\n[resource location organization policy](/resource-manager/docs/organization-policy/defining-locations)\nevaluation, a secret with an automatic replication policy can only be created\nif resource creation in `global` is allowed.\n\nUser Managed\n------------\n\nA secret with a user managed replication policy has its payload data replicated\nto a user configured set of locations. The secret can be replicated to any\nnumber of [supported locations](/secret-manager/docs/locations). This may be\nuseful if there are requirements around where the secret payload data can be\nstored.\n\nFor [billing purposes](/secret-manager/pricing), each location in the\nuser managed replication policy is considered a separate location.\n\nFor purposes of\n[resource location organization policy](/resource-manager/docs/organization-policy/defining-locations)\nevaluation, a secret with a user managed replication policy can only be created\nif resource creation is allowed in all the selected locations.\n\nWhat's next\n-----------\n\n- Learn more about [editing a secret](/secret-manager/docs/edit-secrets).\n- Learn more about [managing access to secrets](/secret-manager/docs/manage-access-to-secrets).\n- Learn more about [setting up rotation policies](/secret-manager/docs/secret-rotation)."]]
