
How to use a service account to read a secret

I have an integration that should read a secret value (stored in KMS).

I am looking for the best way to access the secret API through a REST task.

First I tried to set up an Auth profile using the service account type. I launched the integration and it failed with the following output:

"error": {
  "code": 403,
  "message": "Permission denied on resource project xxxxxxx.",
  "status": "PERMISSION_DENIED",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.Help",
      "links": [
        {
          "description": "Google developer console API key",
          "url": "https://console.developers.google.com/project/xxxxxx/apiui/credential"
        }
      ]
    },
    {
      "@type": "type.googleapis.com/google.rpc.ErrorInfo",
      "reason": "CONSUMER_INVALID",
      "domain": "googleapis.com",
      "metadata": {
        "service": "secretmanager.googleapis.com",
        "consumer": "projects/xxxx"
      }
    }

The service account has the secret reader role associated.

Then I tried to set up an OAuth type Auth profile, but the profile requires a secret. What should I put in the secret field? I have a JSON token that contains all the needed information but no secret field. Is it the private key?

Has someone already accessed a Google API from an integration with a service account?

Regards

1 ACCEPTED SOLUTION

Former Community Member
Not applicable

Perhaps this repo will help.

I think you need to provide the secret version accessor role.

ps: I presume you meant Secret Manager. Cloud KMS is for encryption/decryption.
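
As an added example (not part of the original thread, and not Google's sample code): the URL for Secret Manager's `versions.access` REST method, decoding of its base64 payload, and triage of the 403 body shown in the question, whose `CONSUMER_INVALID` reason concerns the project the call is attributed to rather than a missing role. Function names and sample responses are constructed for illustration.

```python
import base64
import json
from urllib.parse import quote

API = "https://secretmanager.googleapis.com/v1"
# Role that carries secretmanager.versions.access (reads the payload).
ACCESSOR_ROLE = "roles/secretmanager.secretAccessor"

# The 403 body from the question, closing brackets restored (constructed).
SAMPLE_CONSUMER_403 = json.dumps({"error": {
    "code": 403, "status": "PERMISSION_DENIED",
    "message": "Permission denied on resource project xxxxxxx.",
    "details": [{"@type": "type.googleapis.com/google.rpc.ErrorInfo",
                 "reason": "CONSUMER_INVALID", "domain": "googleapis.com",
                 "metadata": {"service": "secretmanager.googleapis.com",
                              "consumer": "projects/xxxx"}}]}})
# Constructed 403 without ErrorInfo, and a constructed 200 response.
SAMPLE_PLAIN_403 = json.dumps({"error": {"code": 403,
                                         "status": "PERMISSION_DENIED"}})
SAMPLE_200 = json.dumps({
    "name": "projects/123/secrets/demo/versions/1",
    "payload": {"data": base64.b64encode(b"constructed-secret").decode()}})


def access_url(project, secret, version="latest"):
    """URL for versions.access: HTTP GET with an OAuth2 bearer token."""
    parts = [quote(p, safe="") for p in (project, secret, version)]
    return "{}/projects/{}/secrets/{}/versions/{}:access".format(API, *parts)


def read_payload(body):
    """Secret bytes from a 200 response; payload.data is base64-encoded."""
    return base64.b64decode(json.loads(body)["payload"]["data"])


def triage(body):
    """Name the first thing to check for an error response body."""
    err = json.loads(body)["error"]
    info = next((d for d in err.get("details", [])
                 if d.get("@type", "").endswith("google.rpc.ErrorInfo")), {})
    consumer = info.get("metadata", {}).get("consumer", "")
    if info.get("reason") == "CONSUMER_INVALID":
        # The project the call is attributed to is malformed or not found.
        return "check project in request: " + consumer
    if info.get("reason") == "SERVICE_DISABLED":
        return "enable secretmanager.googleapis.com for " + consumer
    if err.get("status") == "PERMISSION_DENIED":
        return "grant " + ACCESSOR_ROLE + " to the service account"
    return "unhandled: " + str(err.get("status"))
```

Granting the accessor role on the individual secret rather than on the whole project keeps the service account's access limited to the one value the integration needs.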
