I’m a bit stumped about why I still can’t access my secrets from JavaScript running on my desktop. FWIW this is my first test of secret access. I think I narrowed the problem down to:
- works properly when running node -e "… code…" from command line
- fails using npm run dev (running a vite environment)
- if true, then I need the magic for passing ADC creds into the vite environment
In more detail …
First, this is the error message I get when running my code via npm run dev (i.e. vite):
PERMISSION_DENIED: Permission 'secretmanager.versions.access' denied for resource 'projects/(PII Removed by Staff)/secrets/LF_Secret1/versions/latest' (or it may not exist).
Backing up a bit, here’s what works:
- I have permission. I’m the project owner and I explicitly have Secret Manager Admin permissions
- gcloud secrets versions access latest --secret=LF_Secret1 --project=(PII Removed by Staff)
  - WORKS, returns the secret value (LF_Secret1v1), i.e. my perms work via CLI
- gcloud auth application-default login succeeds
- gcloud auth application-default print-access-token
  - succeeds and returns my token
- node -e "… client.accessSecretVersion({ name: 'projects/(PII Removed by Staff)/secrets/LF_Secret1/versions/latest' })" - WORKS - so the ADC setup is correct
THEN I get Permission failure when I run
- npm run dev (creates a vite environment)
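
One way to compare what the two launch paths see, as an added example that is not part of the original post: run this in the Node process started by `node` and in the one started by `npm run dev`, then compare the output. It assumes the documented ADC lookup order (the `GOOGLE_APPLICATION_CREDENTIALS` variable first, then the well-known file written by `gcloud auth application-default login`); the function names `wellKnownAdcPath` and `describeAdc` are hypothetical.

```javascript
// Added diagnostic (not from the original post): report which ADC source this process would use.
// Assumed lookup order, per Google's ADC documentation: env var, then gcloud's well-known file.
function wellKnownAdcPath(env, platform) {
  const win = platform === 'win32';
  const base = win ? env.APPDATA : env.HOME && `${env.HOME}/.config`;
  if (!base) return null;
  return [base, 'gcloud', 'application_default_credentials.json'].join(win ? '\\' : '/');
}

// readFile is injected so the logic can be exercised without touching real credentials.
function describeAdc(env, platform, readFile) {
  const candidates = [
    ['GOOGLE_APPLICATION_CREDENTIALS', env.GOOGLE_APPLICATION_CREDENTIALS],
    ['well-known file', wellKnownAdcPath(env, platform)],
  ];
  for (const [source, file] of candidates) {
    if (!file) continue;
    let raw;
    try {
      raw = readFile(file);
    } catch (err) {
      // An env var pointing at an unreadable file is an error, not a fall-through.
      if (source === 'GOOGLE_APPLICATION_CREDENTIALS') return { source, file, error: 'unreadable' };
      continue;
    }
    let cred;
    try { cred = JSON.parse(raw); } catch { return { source, file, error: 'invalid JSON' }; }
    // Report identity fields only; never echo refresh_token or private_key.
    return {
      source, file,
      type: cred.type || null,
      principal: cred.client_email || null,
      quotaProject: cred.quota_project_id || null,
    };
  }
  return { source: 'none', file: null };
}

// Stand-alone run. Dynamic import works in both CommonJS and ES-module projects.
import('node:fs').then((fs) => {
  const report = describeAdc(process.env, process.platform, (p) => fs.readFileSync(p, 'utf8'));
  console.log(`pid ${process.pid}:`, JSON.stringify(report));
});
```

If the two runs report a different `source`, `file` or `type`, the processes are not using the same credentials.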