Secrets Management in Google Cloud Functions and Cloud Run
Google Cloud Functions (GCF) and Cloud Run needed a better way to handle Secrets. Secrets are pieces of information which a program needs to refer to, but which need higher levels of protection (e.g. database passwords). We needed to know what our users wanted out of Secrets management, and run some usability testing on a prototype of a Secret Manager product (which had never been tested with users before). Carolyn Knight and I co-led this project, in collaboration with 4 other members of our Serverless UX team in San Francisco and the Secret Manager team in New York.
Research Questions
How are current users managing secrets?
What would make secrets management easier?
Does the Secret Manager prototype meet those needs?
The Work
Met with PMs and other stakeholders across several teams to identify research questions. Designed study protocol and screener survey to recruit participants. Co-led remote interviews and user tests with 6 cloud engineers at enterprise-level businesses. Independently owned analysis of interview and usability data. Reported findings to Google Cloud Functions, Cloud Run, and Secret Manager teams.
Results and Impact
Refined integration of Secret Manager product with GCF and Cloud Run
Explored users’ current Secret management practices
Identified users’ concern that another person at their organization might delete a Secret which the user’s projects still relied upon
Increased ease of use of Secret Manager UI by placing buttons that affected a specific version closer to the version list, rather than in a toolbar at the top of the screen (pictured below)
Reflection
I reported the findings separately for three different teams for scheduling reasons, but the project would have had more impact if all the stakeholders could discuss the findings together. Because Cloud Run was in beta when this study was performed, users were difficult to find, and we had to compromise by recruiting GCF users who had experimented with Cloud Run on their own time.