Google Cloud Platform
I’m trying to limit access to secrets for a specific ServiceAccount. I’m trying with the Secret Manager Admin Role and a specific condition ( but get the following error message:
```
# CREATE NEW SECRET
$ gcloud secrets create SOME_PREFIX__czerasz_test_2
ERROR: (gcloud.secrets.create) User [[email protected]] does not have permission to access projects instance [my-project-2] (or it may not exist): Permission 'secretmanager.secrets.create' denied for resource 'projects/my-project-2' (or it may not exist).

# DELETE EXISTING SECRET
$ gcloud secrets delete SOME_PREFIX__czerasz_test_1
ERROR: (gcloud.secrets.delete) PERMISSION_DENIED: Permission 'secretmanager.versions.list' denied for resource 'projects/my-project-2/secrets/SOME_PREFIX__czerasz_test_1' (or it may not exist).
```
Could someone point me in the right direction?
The commands mentioned above work fine without the condition.
Are you just wanting to give a specific service account access, or do you want to block anyone other than the service account? Because that wouldn’t stop someone from going to the secret's permissions and granting the role roles/secretmanager.secretAccessor to get at the secret.