I've cut this conversation off from the rest of the rest of the thread because this is really just for you David.
You just do not know what you are talking about, on multiple levels. You need to do some research and not trust what you get from AI systems. Trust security professionals. I am one; it is a major part of my job at an AI technology firm.
When people talk about AI systems, giving bad advice. This is precisely the kind of bad advice that people are talking about. I cannot repeat this enough. These systems do not think, they do not understand. Always double-check advice and in this case no security professional is going to tell you that you homespun system is as secure as a properly vetted and tested secret store.
You should already be using a password manager to store this kind of thing anyway. And all of them allow programmatic access. None of them cost anywhere close to £20 a month. So, if you are not already using one, I strongly urge you to do some research find one you like and use it. They are very inexpensive. 1Password is probably the best is about £2.40/mo and Keeper is only £1.20/mo. You wouldn't even pay £20 for an entire year.
For proper programmatic secret storage, AWS Secrets Manager costs just 40 cents a month for one secret and only 5 cents for 10,000 API calls to retrieve that secret. Assuming you retrieved the secret 10,000 times in a month, you would spend 45 cents or about £.36 per month. It would cost you less than £5 a YEAR to store your secret in AWS Secrets Manager.
Google is even cheaper than AWS, at only 6 cents per month per secret and 3 cents to access it 10,000 times. On top of all that, in GCP, the first six secrets are stored, and 10,000 requests are FREE.
All that together means you could get a proper password management system AND still store these kinds of programmatic secrets in GCP for less than £20 for an entire year.
Oh, and you are wrong; you don't control your secret yourself; you are putting it in Google anyway. You just aren't using the correct tool to do it. Use GCP Secrets Manager, it is built for this purpose, tested and vetted and would cost you nothing to use.
You are an amateur developer; I applaud that. I have been in this industry for over 30 years. My best advice is this. You will almost never encounter a novel and unique problem. Almost every problem you will see is one that has already been solved. Do not reinvent the wheel. Doing the exercise of solving the problem is good for learning but you will almost always arrive at a suboptimal solution. People with more knowledge have solved the problem before you; leverage that knowledge. Use the solutions that have already been built. This is true in all areas of engineering but especially true in the realm of security.
