Following ADR-002 highlighting the need to integrate with GCP services, we do need to decide what tech stack is going to be used to build GitLab Secrets Manager Service (GSMS).
At GitLab, we usually build satellite services around GitLab Rails in Go. This is especially a good choice of technology for services that may heavily leverage concurrency and caching, where cache could be invalidated / refreshed asynchronously.
Go-based GCP KMS client library also seems to expose a reliable interface to access KMS.
Implement GitLab Secrets Manager Service in Go. Use labkit as a minimalist library to provide common functionality shared by satellite servicies.
The team that is going to own GitLab Secrets Manager feature will need to gain more Go expertise.
We considered implementing GitLab Secrets Manager Service in Ruby, but we concluded that using Ruby will not allow us to build a service that will be efficient enough.