Hi everyone,
I am currently developing custom Jobs and scripts in the Google SecOps SOAR IDE using Python, and I'm facing an OpSec and architectural dilemma regarding credential management.
When I need to authenticate external API clients (like GCP Service Accounts, API tokens, or third-party platforms), the immediate path of least resistance is to hardcode these credentials directly into the script as dictionaries or string variables.
While the automation executes fine, hardcoding credentials in the IDE is obviously not a best practice. As it stands today, the only layer of security preventing exposure of these keys is the IAM role definitions controlling who has access to the SecOps IDE. This violates the principle of least privilege and defense in depth, as anyone viewing, reviewing, or exporting the code can read the sensitive material in clear text.
My questions are:
- Is there a native way to use "Environment Variables" or a built-in Secret Vault specifically for custom Python scripts/Jobs running via the SecOps IDE?
- What is the recommended architectural approach here? Can we leverage native SOAR Environment configurations, or is the standard practice to dynamically fetch these credentials from a tool like Google Secret Manager during runtime?
I am looking for a way to retrieve these credentials programmatically without exposing the raw values in the source code. Has anyone tackled this issue before or could point me toward the recommended best practice?
Thanks in advance!
