Tags: google-kubernetes-engine, permission-denied, google-secret-manager

Google Secret Manager doesn't have access to GKE


I've successfully created a GKE and deployed my service on it following these steps. Later I implemented Google Secret Manager in the service and redeployed it, but now I get this error message when I make a call: Reading key and secret failed: failed to get key: rpc error: code = PermissionDenied desc = Permission 'secretmanager.versions.access' denied for resource 'projects/*/secrets/*/versions/latest' (or it may not exist).

I gave the Secret Manager Admin Permission to ***-compute@developer.gserviceaccount.com (Compute Engine default service account), but I still get the same error message.

Did I forget a last step?


Solution

  • These are the Basic IAM roles pertaining to secret manager:

    The error is related to your service account not having access to the secrets you created. As you mentioned, you have already added Secret Manager Admin, which may not be enough for accessing secrets. So try adding Secret Manager Secret Accessor to the service account and let me know if you are facing errors.
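As an added illustration (not part of the question or the answer above), the script below shows how to triage this class of error offline: it parses the `PermissionDenied` message quoted in the question to find the missing permission (`secretmanager.versions.access`), looks up which predefined role grants it, checks whether the service account holds such a role in either the project-level or the secret-level IAM policy (the JSON shape `gcloud ... get-iam-policy --format=json` returns), and prints the narrowest `gcloud secrets add-iam-policy-binding` command that closes the gap. The role-to-permission map is a deliberately partial subset (Secret Accessor and Viewer only) and the service account, policies and error string are constructed sample data.

```python
import re

# Shape of the gRPC PermissionDenied message quoted in the question.
ERR_RE = re.compile(
    r"Permission '(?P<permission>[\w.]+)' denied for resource '(?P<resource>[^']+)'"
)
# Secret resource names look like projects/<project>/secrets/<secret>/versions/<v>;
# Google redacts project and secret as '*' in the error, so handle that case.
RESOURCE_RE = re.compile(r"projects/(?P<project>[^/]+)/secrets/(?P<secret>[^/]+)")

# Assumption: partial map of Secret Manager predefined roles to the permissions
# they grant, limited to the two roles relevant here. Verify against the IAM
# role reference before relying on it for other roles.
ROLE_PERMISSIONS = {
    "roles/secretmanager.secretAccessor": {"secretmanager.versions.access"},
    "roles/secretmanager.viewer": {
        "secretmanager.secrets.get",
        "secretmanager.secrets.list",
        "secretmanager.versions.get",
        "secretmanager.versions.list",
    },
}


def parse_denied(message):
    """Return (permission, resource) from a PermissionDenied error, or None."""
    m = ERR_RE.search(message)
    return (m.group("permission"), m.group("resource")) if m else None


def roles_granting(permission):
    """Predefined roles (from the partial map) that include the permission."""
    return sorted(role for role, perms in ROLE_PERMISSIONS.items() if permission in perms)


def member_roles(policy, member):
    """Roles bound to `member` in one IAM policy dict ({"bindings": [...]})."""
    return {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}


def remediation(resource, member, role):
    """Build the narrowest fix: bind the role on the secret, not the whole project."""
    m = RESOURCE_RE.search(resource)
    project = m.group("project") if m and m.group("project") != "*" else "PROJECT_ID"
    secret = m.group("secret") if m and m.group("secret") != "*" else "SECRET_NAME"
    return (
        f"gcloud secrets add-iam-policy-binding {secret} --project={project} "
        f"--member={member} --role={role}"
    )


def diagnose(message, member, project_policy, secret_policy):
    """Decide whether `member` holds a role granting the denied permission."""
    parsed = parse_denied(message)
    if parsed is None:
        return {"status": "unrecognized"}
    permission, resource = parsed
    needed = set(roles_granting(permission))
    # Bindings at either level are effective; secret-level is the least-privilege choice.
    held = member_roles(project_policy, member) | member_roles(secret_policy, member)
    if held & needed:
        return {"status": "granted", "permission": permission, "via": sorted(held & needed)}
    narrowest = min(needed, key=lambda r: len(ROLE_PERMISSIONS[r])) if needed else None
    return {
        "status": "missing",
        "permission": permission,
        "held": sorted(held),
        "needed_any_of": sorted(needed),
        "fix": remediation(resource, member, narrowest) if narrowest else None,
    }


# Constructed sample data: the error text from the question, a made-up default
# compute service account, and two IAM policies before/after the fix.
SAMPLE_ERROR = (
    "Reading key and secret failed: failed to get key: rpc error: code = PermissionDenied "
    "desc = Permission 'secretmanager.versions.access' denied for resource "
    "'projects/*/secrets/*/versions/latest' (or it may not exist)."
)
SAMPLE_MEMBER = "serviceAccount:123456789-compute@developer.gserviceaccount.com"
PROJECT_POLICY = {"bindings": [{"role": "roles/secretmanager.viewer", "members": [SAMPLE_MEMBER]}]}
SECRET_POLICY_BEFORE = {"bindings": []}
SECRET_POLICY_AFTER = {
    "bindings": [{"role": "roles/secretmanager.secretAccessor", "members": [SAMPLE_MEMBER]}]
}

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, SAMPLE_MEMBER, PROJECT_POLICY, SECRET_POLICY_BEFORE))
    print(diagnose(SAMPLE_ERROR, SAMPLE_MEMBER, PROJECT_POLICY, SECRET_POLICY_AFTER))
```

Two things worth noting. The fix is suggested at the secret level rather than the project level because `roles/secretmanager.secretAccessor` on one secret is the smallest grant that makes this particular call work. And the binding only helps if the pod actually authenticates as that service account: on GKE that means either Workload Identity mapping the Kubernetes service account to it, or the node's service account with an OAuth scope that allows the Secret Manager API, which is a separate check from the IAM policy this script inspects.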