google-cloud-platform gcloud google-cloud-sdk

gcloud secrets create always fails with “INVALID_ARGUMENT: The provided Project ID ... does not match the expected format [projects/*]”


I'm trying to create a new secret in Google Cloud Secret Manager using the gcloud CLI, but I always get the following error:

    echo -n "my-secret-value" | gcloud --project=[MY_PROJECT_ID] secrets create MY_SECRET --data-file=-

or

    gcloud config set project [MY_PROJECT_ID]
    echo -n "my-secret-value" | gcloud secrets create MY_SECRET --data-file=-
    ERROR: (gcloud.secrets.create) INVALID_ARGUMENT: The provided Project ID [projects/[MY_PROJECT_ID]/locations/[MY_REGION]] does not match the expected format [projects/*]

More context

Extra step to ensure the project is correct

When I run the following command, it returns the correct project number, confirming that my project ID is valid:

    gcloud projects describe [MY_PROJECT_ID] --format="value(projectNumber)"

Creating a secret via the Cloud Console UI works fine.


Solution

  • Set the api_endpoint_overrides/secretmanager property to the regional endpoint using this command:

    gcloud config set api_endpoint_overrides/secretmanager https://secretmanager.<region>.rep.googleapis.com/
    

    OR

    export CLOUDSDK_API_ENDPOINT_OVERRIDES_SECRETMANAGER=https://secretmanager.<region>.rep.googleapis.com/
    

    Also, the replication policy must be specified using the --replication-policy flag during secret creation.

    gcloud secrets create SECRET_ID \
    --replication-policy="REPLICATION_POLICY"
    

    To select the right replication policy for your secret, see Choose a Replication policy.
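
An added example, not part of the original question or answer: a shell wrapper that applies the endpoint override from the answer to a single command instead of the persistent gcloud configuration, and refuses region values that would turn the override into a different host. The function names are hypothetical, and the region character set is an assumption.

```shell
#!/bin/sh
# Added example, not code from the post. Function names are hypothetical.

# Build the regional Secret Manager endpoint using the pattern from the answer:
#   https://secretmanager.<region>.rep.googleapis.com/
# Assumption: a region is made of lowercase letters, digits and single hyphens
# (for example europe-west3). Anything else is rejected, so a typo or pasted
# value cannot redirect secret payloads and credentials to another host.
sm_regional_endpoint() {
  case "$1" in
    '' | -* | *- | *--* | *[!abcdefghijklmnopqrstuvwxyz0123456789-]*)
      echo "invalid region: $1" >&2
      return 1
      ;;
  esac
  printf 'https://secretmanager.%s.rep.googleapis.com/\n' "$1"
}

# Run one command with the override exported only inside a subshell.
# The calling shell and the stored gcloud properties are left unchanged.
with_regional_secretmanager() {
  _sm_endpoint=$(sm_regional_endpoint "$1") || return 1
  shift
  (
    export CLOUDSDK_API_ENDPOINT_OVERRIDES_SECRETMANAGER="$_sm_endpoint"
    "$@"
  )
}

# Usage with the command from the question (secret value is passed on stdin):
#   printf '%s' "my-secret-value" | with_regional_secretmanager "<region>" \
#     gcloud secrets create MY_SECRET --data-file=-
```

Because the variable only exists for the wrapped command, later gcloud calls in the same shell keep using whatever endpoint the active configuration specifies.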