Check out this article that shares results presented at DEFCON 32 about secret findings.

TL;DR We scanned 8,400+ public GCP images and did not find a single exposed secret! That’s a dramatic reversal compared to the hundreds we found in AWS AMIs and dozens in Azure Public images. GCP’s curated, tightly- controlled image marketplace has seemingly eliminated secret exposure in its cloud images.

https://trufflesecurity.com/blog/guest-post-gcp-cloudquarry-searching-for-secrets-in-public-gcp-images