Secure Source Manager is generally available (GA) by invitation only. To use Secure Source Manager, contact your Google Account team.
Instances and repositories
Secure Source Manager instances are deployed to an available Google Cloud region and are accessible through their instance URIs. Repositories are created in the Secure Source Manager instance by using the web interface, or the Secure Source Manager API.
Separate roles and permissions are available for instances and repositories. See Access control with IAM for information on all Secure Source Manager roles and permissions.
Git actions
Repositories support all Git SCM client commands and have built-in pull requests and issue tracking. Both HTTPS and SSH authentication are supported.
For more information on SSH authentication, see SSH authentication.
To get started using Git source code with Secure Source Manager, see Use Git SCM.
Issues and pull requests
You can create issues and pull requests in the Secure Source Manager web interface. You can add Reviewers, labels, milestones, assignees and due dates to your pull requests. You can open an issue on a specific branch or tag, and add labels, milestones, and assignees to the issue. For more information on issues and pull requests, see Work with issues and pull requests.
Connect to other services
You can invoke builds automatically using Cloud Build triggers or Jenkins, and Secure Source Manager webhooks. For information on connecting to Cloud Build, see Connect to Cloud Build.
For information on connecting to Jenkins, see Connect to Jenkins.
Encrypt data
By default, Google Cloud automatically encrypts data when it is at rest using encryption keys managed by Google. If you have specific compliance or regulatory requirements related to the keys that protect your data, you can use customer-managed encryption keys (CMEK) for creating a Secure Source Manager instance.
When you enable CMEK, data at rest in the instance is encrypted using a key that you manage within Cloud Key Management Service. You can control access to the CMEK key using Identity and Access Management. If you temporarily disable or permanently destroy the CMEK key, data encrypted with that key cannot be accessed. For more information on creating Secure Source Manager instances using CMEK, see Customer-managed encryption keys.
Configure a private Secure Source Manager instance in a VPC Service Controls perimeter
You can use Secure Source Manager in a VPC Service Controls perimeter in order to guard against data exfiltration. For more information, see Configure Secure Source Manager in a VPC Service Controls perimeter.
What's next
- Enable the Secure Source Manager API.
- Create a Secure Source Manager instance.
- Create and clone a Secure Source Manager repository.
- Read about Software supply chain security.