This repository was archived by the owner on Jul 26, 2022. It is now read-only.

Commit 6f15d49

docs: grant GCP sa access to secret manager (#711)
1 parent e47dee0 commit 6f15d49

1 file changed, +4 -0 lines changed


README.md

Lines changed: 4 additions & 0 deletions
@@ -742,6 +742,10 @@ Create the policy binding:
742742

743743
gcloud iam service-accounts add-iam-policy-binding --role roles/iam.workloadIdentityUser --member "serviceAccount:$CLUSTER_PROJECT.svc.id.goog[$SECRETS_NAMESPACE/kubernetes-external-secrets]" my-secrets-sa@$PROJECT.iam.gserviceaccount.com
744744

745+
Grant GCP service account access to secrets:
746+
747+
gcloud projects add-iam-policy-binding $PROJECT_ID --member=serviceAccount:my-secrets-sa@$PROJECT.iam.gserviceaccount.com --role=roles/secretmanager.secretAccessor
748+
745749
##### Deploy kubernetes-external-secrets using a service account key
746750

747751
Alternatively you can create and mount a kubernetes secret containing google service account credentials and set the GOOGLE_APPLICATION_CREDENTIALS env variable.
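
Review bot: The added `gcloud projects add-iam-policy-binding` line mixes two project variables: the binding targets `$PROJECT_ID`, while the member address is `my-secrets-sa@$PROJECT.iam.gserviceaccount.com` and the preceding workload identity command only uses `$PROJECT` and `$CLUSTER_PROJECT`. `$PROJECT_ID` is not defined anywhere in the visible lines, so a reader following the steps in order may run this with an empty project argument; use `$PROJECT` here, or state which project holds the secrets if it is meant to differ. Separately, granting `roles/secretmanager.secretAccessor` at project level lets the service account read every secret in that project. The README should say so, and mention the narrower per-secret binding (`gcloud secrets add-iam-policy-binding`) for clusters that should only see a subset of secrets.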
