Secure Source Manager overview

Secure Source Manager is a regionally deployed, single-tenant managed source code repository hosted on Google Cloud.

Secure Source Manager is generally available (GA) by invitation only. To use Secure Source Manager, contact your Google Account team.

Instances and repositories

Secure Source Manager instances are deployed to an available Google Cloud region and are accessible through their instance URIs. Repositories are created in the Secure Source Manager instance by using the web interface, or the Secure Source Manager API.

Separate roles and permissions are available for instances and repositories. See Access control with IAM for information on all Secure Source Manager roles and permissions.

Git actions

Repositories support all Git SCM client commands and have built-in pull requests and issue tracking. Both HTTPS and SSH authentication are supported.

For more information on SSH authentication, see SSH authentication.

To get started using Git source code with Secure Source Manager, see Use Git SCM.

Issues and pull requests

You can create issues and pull requests in the Secure Source Manager web interface. You can add Reviewers, labels, milestones, assignees and due dates to your pull requests. You can open an issue on a specific branch or tag, and add labels, milestones, and assignees to the issue. For more information on issues and pull requests, see Work with issues and pull requests.

Connect to other services

You can invoke builds automatically using Cloud Build triggers or Jenkins, and Secure Source Manager webhooks. For information on connecting to Cloud Build, see Connect to Cloud Build.

For information on connecting to Jenkins, see Connect to Jenkins.

Encrypt data

By default, Google Cloud automatically encrypts data when it is at rest using encryption keys managed by Google. If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK) for creating a Secure Source Manager instance.

When you enable CMEK, data at rest in the instance is encrypted using a key that you manage within Cloud Key Management Service. You can control access to the CMEK key using Identity and Access Management. If you temporarily disable or permanently destroy the CMEK key, data encrypted with that key cannot be accessed. For more information on creating Secure Source Manager instances using CMEK, see Customer-managed encryption keys.

Configure a private Secure Source Manager instance in a VPC Service Controls perimeter

You can use Secure Source Manager in a VPC Service Controls perimeter in order to guard against data exfiltration. For more information, see Configure Secure Source Manager in a VPC Service Controls perimeter.

What's next