
How to give permission to applications running on GCP Cloud Run to access GCP services

I am developing a Node.js application that accesses secrets from GCP Secret Manager. I ran it locally, pointing to the credentials with the GOOGLE_APPLICATION_CREDENTIALS variable.

Then I tried deploying this service to Google Cloud Run, and now it throws the error:

 Error: 7 PERMISSION_DENIED: Permission 'secretmanager.versions.access' denied

I want to know how to add credentials to Cloud Run containers. I saw some implementations where the credential file is included inside the code. What is the best practice for accessing GCP resources from a Cloud Run container?

You might like to find a service account used by your Cloud Run, and grant that service account a relevant IAM role against the desired secret - most likely a Secret Manager Secret Accessor role (roles/secretmanager.secretAccessor).

You don't need any credentials file. And under any circumstances, please, don't keep any credentials in a code repository.

======

Updated following @kolban's comment
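
The check described in the answer above, as an added example that is not part of the original post: it takes the JSON printed by `gcloud run services describe SERVICE --region REGION --format=json` and `gcloud secrets get-iam-policy SECRET --format=json`, works out which service account the Cloud Run service runs as, and reports whether that account holds roles/secretmanager.secretAccessor on the secret. The function name, sample accounts, project number and secret name are constructed for illustration.

```javascript
// Added example, not code from the original answer.
// All sample values below (accounts, project number, secret name) are constructed.
const ACCESSOR = 'roles/secretmanager.secretAccessor';

function checkSecretAccess(service, policy, projectNumber, secretName) {
  // Cloud Run falls back to the Compute Engine default service account
  // when the revision template names no service account.
  const configured = service?.spec?.template?.spec?.serviceAccountName;
  const serviceAccount =
    configured || `${projectNumber}-compute@developer.gserviceaccount.com`;
  const member = `serviceAccount:${serviceAccount}`;

  // Only bindings set directly on the secret appear in this policy;
  // grants inherited from the project or folder are not checked here.
  const matches = (policy.bindings || []).filter(
    (b) => b.role === ACCESSOR && (b.members || []).includes(member));
  const granted = matches.some((b) => !b.condition);

  return {
    serviceAccount,
    usesDefaultIdentity: !configured,
    granted,
    // True when the only matching bindings carry an IAM condition.
    conditionalOnly: !granted && matches.length > 0,
    // Command that adds the missing binding on this one secret.
    fix: granted ? null :
      `gcloud secrets add-iam-policy-binding ${secretName} ` +
      `--member="${member}" --role="${ACCESSOR}"`,
  };
}

// Constructed sample: the service runs as api-runtime, but only the
// ci-deployer account has been granted access to the secret.
const sampleService = {
  spec: { template: { spec: {
    serviceAccountName: 'api-runtime@example-project.iam.gserviceaccount.com',
  } } },
};
const samplePolicy = {
  bindings: [{
    role: ACCESSOR,
    members: ['serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com'],
  }],
};
console.log(checkSecretAccess(sampleService, samplePolicy, '123456789012', 'db-password'));
```

On Cloud Run the client library picks up this service account through Application Default Credentials, so GOOGLE_APPLICATION_CREDENTIALS and a key file are only needed for the local run.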
