Thanks for reading and for your great question.

You are absolutely right: the secret access can cost resources and latency.

As specified at the end, it's a matter of tradeoff. If you don't need to hot reload your secrets on the fly, reading secrets only once (using an environment variable) is the best.

Your proposed solution, notifying a secret change with a PubSub notification, is interesting, but it works in 1 and only 1 specific use case: max instances set to 1.

Indeed, the PubSub notification will reach ONLY ONE instance of the service, and only this instance will process the event and update its secret. All the other instances won't receive the notification and won't update the secret, unless you can ensure that you will have 1 and only 1 instance, hence the max equal to 1.


Written by guillaume blaquiere

GDE cloud platform, Group Data Architect @Carrefour, speaker, writer and polyglot developer, Google Cloud platform 3x certified, serverless addict and Go fan.
