unable to access secrets from correct projects

We have added new secrets in our code and in cloudbuild.yaml, declared the same way as the other secrets:

  • '--update-secrets=secretname=projects/${_SECRET_PROJECT_NUMBER}/secrets/secretname:latest'
  • '--region=${_LOCATION}'

It is trying to access the secrets from the project where my Cloud Build and source repo are, not from _SECRET_PROJECT_NUMBER, and it gives the error below.

com.google.api.gax.rpc.PermissionDeniedException: io.grpc.StatusRuntimeException: PERMISSION_DENIED: Permission ‘secretmanager.versions.access’ denied for resource ‘projects/cloudbuildproj/secrets/secretname/versions/latest’ (or it may not exist).

FYI, the other secrets are working fine.

Hi @Monalisa123 ,

Welcome to the Google Cloud Community!

Are these secrets located within the same project where you’re experiencing the error?

It’s possible that the secret is being referenced incorrectly in ${_SECRET_PROJECT_NUMBER}. Could you try entering the project number directly instead?

Also, kindly check that the service account has the appropriate roles, specifically the secretmanager.secretAccessor and secretmanager.viewer roles. You may view this Stack Overflow thread for further solutions.

Let me know if it worked so we can troubleshoot further. Thank you.
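
An added example, not part of the thread or of any Google tooling: a small offline check that compares the project named in the `--update-secrets` value (after substitution) with the project named in the PERMISSION_DENIED message. The function names, the project numbers and the ID-to-number mapping are constructed placeholders; only the flag value and the error text are modelled on the posts above.

```python
import re

# Constructed inputs modelled on the thread. The project numbers are placeholders.
FLAG = "secretname=projects/${_SECRET_PROJECT_NUMBER}/secrets/secretname:latest"
SUBS = {"_SECRET_PROJECT_NUMBER": "111111111111"}
ERROR = ("PERMISSION_DENIED: Permission 'secretmanager.versions.access' denied for resource "
         "'projects/cloudbuildproj/secrets/secretname/versions/latest' (or it may not exist).")
NUMBERS = {"cloudbuildproj": "222222222222"}  # project ID -> project number, looked up by hand

REF = re.compile(r"^projects/([^/]+)/secrets/([^/:]+)(?::(.+))?$")
DENIED = re.compile(r"projects/([^/\s'‘’]+)/secrets/([^/\s'‘’]+)/versions/([^/\s'‘’]+)")

def expand(text, subs):
    """Expand ${_NAME} substitutions; names without a value stay visible as ${_NAME}."""
    return re.sub(r"\$\{(\w+)\}", lambda m: subs.get(m.group(1), m.group(0)), text)

def parse_flag(value, subs):
    """Map each target (env var or mount path) to (project, secret, version)."""
    refs = {}
    for item in expand(value, subs).split(","):
        target, _, ref = item.strip().partition("=")
        m = REF.match(ref)
        name, _, version = ref.partition(":")  # bare "name[:version]" has no project
        refs[target] = m.groups() if m else (None, name, version or None)
    return refs

def denied_resource(error):
    """Return (project, secret, version) named in a PERMISSION_DENIED message, or None."""
    m = DENIED.search(error)
    return m.groups() if m else None

def diagnose(flag, subs, error, numbers=None):
    """Compare the project the flag names with the project the denied request named."""
    denied = denied_resource(error)
    if denied is None:
        return "no-resource-in-error"
    norm = lambda p: (numbers or {}).get(p, p)  # fold known project IDs to numbers
    for project, secret, _ in parse_flag(flag, subs).values():
        if secret != denied[1]:
            continue
        if project is None or "${" in project:
            return "flag-project-unresolved"
        if norm(project) == norm(denied[0]):
            return "same-project"        # request matches the flag: check IAM on the secret
        if norm(project).isdigit() != norm(denied[0]).isdigit():
            return "number-vs-id"        # look up the project number before comparing
        return "different-project"       # denied request was not built from this flag value
    return "secret-not-in-flag"
```

A `different-project` result means the denied request named a project other than the one in the flag, so the next place to look is whatever constructs that resource name; the `com.google.api.gax` exception class in the error belongs to the Java client library that application code calls.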