Home > Mobile >  How to give permission to applications running on GCP cloud run to access gcp services
How to give permission to applications running on GCP cloud run to access gcp services

Time:02-15

I am developing a nodejs application that accesses secrets from gcp secret manager. I ran it locally with directing credentials using the GOOGLE_APPLICATION_CREDENTIALS variable.

Then I tried deploying this service to google cloud run, now it throws the error

 Error: 7 PERMISSION_DENIED: Permission 'secretmanager.versions.access' denied

I want to know how to add credentials to cloud-run containers. I saw some implementations where the credential file is included inside the code. what is the best practice of accessing gcp resources from cloud run container?

CodePudding user response:

You might like to find a service account used by your Cloud Run, and grant that service account a relevant IAM role against the desired secret - most likely a Secret Manager Secret Accessor role (roles/secretmanager.secretAccessor).

You don’t need any credentials file. And under any circumstances, please, don't keep any credentials in a code repository.

======

Updated following @kolban comment

Page link:https//www.codepudding.com/Mobile/301126.html

Prev:Error when running a container using --name flag
Next:Parametrizing base image version in Dockerfile of Docker container Github action
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding