In case the secret should be stored as a username and password, the username should be specified in a secret label but if the username contains the @ sign it isn't allowed in the gcp secret manager label.

Today usernames in the email format are very common so that limitation is the blocker,

Suggestion : store the username as the secret annotation instead of the label.