I’m trying to use Google Secret Manager as a credentials backend, but I couldn’t find in the documentation what the expected format of the secret version is.
I have a few questions:
Is the value of the secret supposed to be a JSON object or just a raw string?
Should I create one secret per credential (e.g., one per password), or can I store multiple credentials in a single secret?
If anyone could share an example of how you use it with n8n, that would be super helpful!
Just to follow up and close this thread: I discussed this directly with the n8n support team, and here are the key takeaways:
The current Google Secret Manager (GSM) integration only supports plain string values, not JSON key/value pairs.
Storing credentials as a structured JSON (e.g. for multiple fields like username/password) is not supported at this time, though it’s being tracked internally for future improvements.
The GSM secret name should not contain hyphens; using them may cause 400 errors during refresh.
A 400 error can also happen if the service account used by n8n doesn’t have appropriate permissions. However, n8n shouldn’t need full project-level access — resource-level permissions (only on the specific secret) should be enough.
Creating one secret per string isn’t ideal in some setups (e.g., infrastructure as code with limited scopes), and support acknowledged this as a valid limitation.
The support team added this feedback to their internal issue tracking GSM improvements. For now, I’ll wait for better support before adopting it in production.
