This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

unable to access secrets from correct projects

Posted on 11-07-2023 03:10 AM
Monalisa123
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

We have added new secrets in our code and in cloudbuild.yaml mentioning same as other secrets

- '--update-secrets=secretname=projects/${_SECRET_PROJECT_NUMBER}/secrets/secretname:latest'
      - '--region=${_LOCATION}'
It is trying to access secrets from the project where my cloud build and source repo is there not from
_SECRET_PROJECT_NUMBER and giving below error.
 
com.google.api.gax.rpc.PermissionDeniedException: io.grpc.StatusRuntimeException: PERMISSION_DENIED: Permission 'secretmanager.versions.access' denied for resource 'projects/cloudbuildproj/secrets/secretname/versions/latest' (or it may not exist).
 
FYI Other secrets working fine
 
 
0 1 1,164
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
lawrencenelson
Staff
Reply posted on --/--/---- --:-- AM

Hi @Monalisa123,

Welcome to the Google Cloud Community!

@Monalisa123 wrote:

FYI Other secrets working fine

Are these secrets located within the same project where you're experiencing the error?

It's possible that the secret is being referenced incorrectly in ${_SECRET_PROJECT_NUMBER}. Could you try entering the project number directly instead?

Also, kindly check that the service account has the appropriate roles, specifically the secretmanager.secretAccessor and secretmanager.viewer roles. You may view this Stack Overflow thread for further solutions.

Let me know if it worked so we can troubleshoot further. Thank you.

 

0 Likes
Top Solution Authors
View all