This page contains information related to upcoming products, features, and functionality. It is important to note that the information presented is for informational purposes only. Please do not rely on this information for purchasing or planning purposes. The development, release, and timing of any products, features, or functionality may be subject to change or delay and remain at the sole discretion of GitLab Inc.
Status Authors Coach DRIs Owning Stage Created
proposed devops verify -

GitLab Secrets Manager ADR 003: Implement Secrets Manager in Go

Following ADR-002 highlighting the need to integrate with GCP services, we do need to decide what tech stack is going to be used to build GitLab Secrets Manager Service (GSMS).


At GitLab, we usually build satellite services around GitLab Rails in Go. This is especially a good choice of technology for services that may heavily leverage concurrency and caching, where cache could be invalidated / refreshed asynchronously.

Go-based GCP KMS client library also seems to expose a reliable interface to access KMS.


Implement GitLab Secrets Manager Service in Go. Use labkit as a minimalist library to provide common functionality shared by satellite servicies.


The team that is going to own GitLab Secrets Manager feature will need to gain more Go expertise.


We considered implementing GitLab Secrets Manager Service in Ruby, but we concluded that using Ruby will not allow us to build a service that will be efficient enough.