How to give permission to applications running on GCP cloud run to access gcp services

Time:02-15

I am developing a Node.js application that accesses secrets from GCP Secret Manager. I ran it locally, supplying credentials through the GOOGLE_APPLICATION_CREDENTIALS variable.

Then I tried deploying this service to Google Cloud Run, and now it throws the error:

 Error: 7 PERMISSION_DENIED: Permission 'secretmanager.versions.access' denied

I want to know how to add credentials to Cloud Run containers. I saw some implementations where the credential file is included inside the code. What is the best practice for accessing GCP resources from a Cloud Run container?

CodePudding user response:

You might like to find a service account used by your Cloud Run, and grant that service account a relevant IAM role against the desired secret - most likely a Secret Manager Secret Accessor role (roles/secretmanager.secretAccessor).

You don’t need any credentials file. And please, under no circumstances keep any credentials in a code repository.

======

Updated following @kolban comment
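
The two steps from the answer above written as gcloud calls, added here as an example and not part of the original answer. SERVICE, REGION, PROJECT and SECRET are caller-supplied placeholders, and the fallback assumes Cloud Run's default of running as the Compute Engine default service account when none is set on the service.

```shell
#!/usr/bin/env bash
# Added example: grant a Cloud Run service's runtime identity access to one secret.
# All names passed in (service, region, project, secret) are placeholders.

# Print the service account the Cloud Run service runs as.
# If the service has no explicit account, Cloud Run falls back to the
# Compute Engine default: PROJECT_NUMBER-compute@developer.gserviceaccount.com
runtime_service_account() {
  local service="$1" region="$2" project="$3" sa number
  sa=$(gcloud run services describe "$service" \
        --region "$region" --project "$project" \
        --format='value(spec.template.spec.serviceAccountName)') || return 1
  if [ -z "$sa" ]; then
    number=$(gcloud projects describe "$project" \
              --format='value(projectNumber)') || return 1
    sa="${number}-compute@developer.gserviceaccount.com"
  fi
  printf '%s\n' "$sa"
}

# Bind roles/secretmanager.secretAccessor on the single secret, not on the
# whole project, so the service can read only the secret it needs.
grant_secret_access() {
  local service="$1" region="$2" project="$3" secret="$4" sa
  sa=$(runtime_service_account "$service" "$region" "$project") || return 1
  gcloud secrets add-iam-policy-binding "$secret" --project "$project" \
    --member="serviceAccount:${sa}" \
    --role="roles/secretmanager.secretAccessor" >/dev/null || return 1
  printf 'granted roles/secretmanager.secretAccessor on %s to %s\n' "$secret" "$sa"
}

# Usage: ./grant-secret.sh SERVICE REGION PROJECT SECRET
if [ "$#" -eq 4 ]; then
  grant_secret_access "$@"
fi
```

With the binding in place, the client library in the container authenticates as that service account through Application Default Credentials, so GOOGLE_APPLICATION_CREDENTIALS stays unset in Cloud Run.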
