No credit card · EU-hosted · ISO 27001 certified · Open source
Google Cloud Secret Manager is a tidy, inexpensive service for GCP-resident workloads. It stores versioned secrets, encrypts them with Google-managed or customer-managed keys, and integrates cleanly with Cloud Run, Cloud Functions and GKE through IAM. For storing secrets inside GCP, it does the job at a very low price.
Its rotation is the part to read carefully. Secret Manager does not rotate the secret value. On a schedule it publishes a notification to a Pub/Sub topic, and you build the job that creates the new credential and writes the new version. Enkryptify rotates the value itself across providers, watches for leaked keys and revokes them on its own, across every cloud rather than one.
On GCP, a rotation schedule publishes a SECRET_ROTATE message to a Pub/Sub topic at the time you set. That is the whole built-in behavior. To actually change the credential you write a subscriber and a job that generates the new value, writes the new version and updates the services that use it.
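What that subscriber-side job has to handle, shown as an added example that is not Google's or Enkryptify's code. It assumes the notification carries `eventType` and `secretId` attributes; `apply_credential` and `add_version` are hypothetical callables standing in for the provider-side credential change and a Secret Manager `add_secret_version` call, and the sample deliveries are constructed.

```python
import secrets

ROTATE_EVENT = "SECRET_ROTATE"  # event type named on this page

class RotationHandler:
    """Processes Pub/Sub deliveries for an explicit allowlist of secrets."""

    def __init__(self, allowed, apply_credential, add_version):
        self.allowed = set(allowed)
        self.apply_credential = apply_credential  # hypothetical: change it at the provider
        self.add_version = add_version            # hypothetical: wraps add_secret_version
        self.seen = set()  # processed message IDs; keep these durably in production

    def handle(self, message_id, attributes):
        # Assumption: the notification carries eventType and secretId attributes.
        if attributes.get("eventType") != ROTATE_EVENT:
            return "ignored"        # e.g. version-added events on the same topic
        secret_id = attributes.get("secretId", "")
        if secret_id not in self.allowed:
            return "rejected"       # never rotate a secret this job does not own
        if message_id in self.seen:
            return "duplicate"      # Pub/Sub delivery is at-least-once
        new_value = secrets.token_urlsafe(32)      # CSPRNG output, never logged
        self.apply_credential(secret_id, new_value)
        self.add_version(secret_id, new_value.encode())
        self.seen.add(message_id)   # only after both steps succeed, so failures retry
        return "rotated"

def demo():
    """Runs constructed deliveries through the handler with in-memory stand-ins."""
    db = "projects/123456/secrets/db-password"    # constructed resource name
    provider, versions = {}, {}
    handler = RotationHandler(
        allowed=[db],
        apply_credential=lambda sid, value: provider.__setitem__(sid, value),
        add_version=lambda sid, data: versions.setdefault(sid, []).append(data),
    )
    deliveries = [  # constructed sample messages
        ("m1", {"eventType": "SECRET_VERSION_ADD", "secretId": db}),
        ("m2", {"eventType": ROTATE_EVENT, "secretId": "projects/123456/secrets/other"}),
        ("m3", {"eventType": ROTATE_EVENT, "secretId": db}),
        ("m3", {"eventType": ROTATE_EVENT, "secretId": db}),  # redelivery
    ]
    results = [handler.handle(mid, attrs) for mid, attrs in deliveries]
    return results, provider, versions

if __name__ == "__main__":
    print(demo()[0])
```

The in-memory `seen` set only illustrates the duplicate check; a deployed subscriber needs that state to survive restarts.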
Enkryptify rotates the value itself. It replaces credentials for Postgres, OpenAI, OpenRouter, Resend and more on a schedule and rolls the new value out everywhere it is used, with no Pub/Sub plumbing to build or maintain.
Rotated and revoked 2.0s after the leak.
Google detects leaks of its own credential types across the platform, but Secret Manager does not watch the arbitrary secrets you store, like a Stripe or OpenAI key, and it does not revoke them. Anomaly detection lives in separate products.
Enkryptify watches for exposed secrets and unusual access, then rotates or revokes the affected secret within seconds, in the same product that stores it.
Secret Manager is bound to a Google Cloud project and Google IAM. If any part of your stack runs on AWS, Azure or on-prem, you are either carrying Google credentials into it or running a second secrets store there.
Enkryptify holds one vault across all of your clouds and syncs to GCP, AWS, Azure, GitHub and more, so secrets are not split across consoles you have to keep in step.
Teams usually move when their stack stops being GCP-only, or when building and babysitting rotation jobs gets old. Keep Secret Manager for GCP-native storage if you like, and move the cross-cloud secrets and the rotation to Enkryptify. There is no automated importer yet, so a focused set of secrets is moved manually.
Start free, no credit card. Get real rotation, leak detection and automatic response across GCP and every other cloud you run.
ISO 27001 certified · EU data residency · GDPR aligned