gcp (Archived)
Google Cloud Platform
Michał Czeraszkiewicz, almost 4 years ago
Hi 👋,
I'm trying to limit access to secrets for a specific ServiceAccount. I'm trying with the Secret Manager Admin Role and a specific condition (resource.name.startsWith("SOME_PREFIX__")), but I get the following error messages:
# CREATE NEW SECRET
$ gcloud secrets create SOME_PREFIX__czerasz_test_2
ERROR: (gcloud.secrets.create) User [sa-name@my-project-1.iam.gserviceaccount.com] does not have permission to access projects instance [my-project-2] (or it may not exist): Permission 'secretmanager.secrets.create' denied for resource 'projects/my-project-2' (or it may not exist).
# DELETE EXISTING SECRET
$ gcloud secrets delete SOME_PREFIX__czerasz_test_1
ERROR: (gcloud.secrets.delete) PERMISSION_DENIED: Permission 'secretmanager.versions.list' denied for resource 'projects/my-project-2/secrets/SOME_PREFIX__czerasz_test_1' (or it may not exist).

Could someone point me in the right direction?
The commands mentioned above work fine without the condition.
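Added example (not part of the original post, and not Google's code): the two error messages above name the resource each permission was checked against, the project `projects/my-project-2` for `secretmanager.secrets.create` and the full secret name `projects/my-project-2/secrets/SOME_PREFIX__czerasz_test_1` for `secretmanager.versions.list`. An IAM condition's `resource.name` is compared against that full resource name, not the bare secret ID, so a prefix of `SOME_PREFIX__` matches neither. The script below builds the expression against the full name, grants it with `gcloud projects add-iam-policy-binding --condition`, and includes a local `condition_matches` check that reproduces which of the two reported resources the prefix would cover. The function names, the `title` value and the use of the project ID exactly as it appears in the error output are assumptions made here; `roles/secretmanager.admin` is taken to be the "Secret Manager Admin" role the poster mentions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes gcloud is installed and
# authenticated as someone who may edit the project IAM policy.
set -eu

# Build the CEL expression against the full resource name. IAM evaluates
# resource.name as "projects/<project>/secrets/<secret-id>" (see the
# versions.list error above), so the bare secret prefix never matches.
secret_prefix_condition() {
  # $1 = project, $2 = secret-id prefix
  printf 'resource.name.startsWith("projects/%s/secrets/%s")' "$1" "$2"
}

# Local model of the condition: does $1 (a full resource name, as reported
# by IAM in an error) start with $2 (the prefix used in startsWith)?
condition_matches() {
  case "$1" in
    "$2"*) return 0 ;;
    *)     return 1 ;;
  esac
}

# Grant the role to a service account, restricted to secrets under the prefix.
# Note: the create error above shows secretmanager.secrets.create being checked
# against the project itself, which this condition does not match, so this
# binding alone does not cover creating new secrets.
grant_prefixed_secret_access() {
  # $1 = project, $2 = service account e-mail, $3 = prefix, $4 = role (optional)
  _expr=$(secret_prefix_condition "$1" "$3")
  gcloud projects add-iam-policy-binding "$1" \
    --member="serviceAccount:$2" \
    --role="${4:-roles/secretmanager.admin}" \
    --condition="expression=${_expr},title=secrets-prefix-$3"
}

# Usage (commented out so the file can be sourced without calling gcloud):
# grant_prefixed_secret_access my-project-2 \
#   sa-name@my-project-1.iam.gserviceaccount.com SOME_PREFIX__
```

`condition_matches` can be run against the resource names gcloud prints in a PERMISSION_DENIED error to see, before touching the IAM policy, whether a candidate prefix would have matched that check.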