Why do I get `secretmanager.versions.access` denied in GCP?

Question

I am trying to access a secret stored in secrets manager. I created a service account with owner role. I created a key from it. I run: but I get: I checked the secret_name was the same as the secret's value in secret manager. I have tried adding Secret Manager Secret Accessor and Secret Manager Viewer roles. Edit: running this

Accepted Answer

I think the issue is that the code is taking the Default Credentials of the Cloud Shell instead of using your SA key.You can specify the credentials when creating the clientfrom google.cloud import secretmanagerfrom google.oauth2 import service_accountcredentials = service_account.Credentials.from_service_account_file("./keyfile.json")secret_client = secretmanager.SecretManagerServiceClient(credentials=credentials)secret_name = f'projects/{project_id}/secrets/{secret_id}/versions/{version_id}'response = secret_client.access_secret_version(request={"name": secret_name})Another option using some of the methods found in the library docs:from google.cloud import secretmanagersecret_client = secretmanager.SecretManagerServiceClient.from_service_account_file("./keyfile.json")secret_name = f'projects/{project_id}/secrets/{secret_id}/versions/{version_id}'response = secret_client.access_secret_version(request={"name": secret_name})Just as an advice, being newbie does not mean you cannot Google a little more to search for something like how to use a SA as credential for the client of the library you&#8217;re using.For example you could easily find this doc which shows a sample.Anyway, good luck with GCP!

Advertisement

Answer