Reputation: 81
Cloud Run - PermissionDenied: 403 Permission 'secretmanager.versions.access' denied for resource
Super annoying issue going on, and I hope it is something simple that I am missing that someone can point out.
I deployed an app using Cloud Run. I then created a job in Cloud Scheduler using a service account with Owner permissions on my project to generate the OIDC for the Auth header.
The app successfully processes the request, but then within the logic of my app, I am getting the Secret Manager permissions denied error.
My only guess as to what is going on is that the service account I am using in the cloud scheduler is not the one that cloud run is using to authenticate to Secret Manager, but I have granted the Secret Manager Secret Accessor role to every service account I can think of.
Any ideas?
Upvotes: 3
Views: 4580
Answers (1)
Reputation: 81
After going through all the comments here. I restarted the process using a service account with owner permissions, which worked fine. I then created a new service account and gave it one permission at a time until it fixed the issue.
Upvotes: 0
Related Questions
- Why do I get `secretmanager.versions.access` denied in GCP?
- accessing secret from google secret manager
- Google Secret Manager secrets do not seem to work yet I can find nothing wrong
- How to properly use a secret from the Secret Manager in a Cloud Run deployment via gcloud shell
- getEffectiveOrgPolicy error on google cloud run secret mounted volume
- Cloud Scheduler has Permission Denied when attempting to run a Cloud Run job
- Problems on Accessing Secret Manager on Google Cloud
- Authentication issues with cloud scheduler
- Permissions denied for Google Cloud Scheduler
- GCP - Can't use Google Secret Manager (@google-cloud/secret-manager) inside Cloud Run