# general


09/26/2022, 9:33 PM
hey guys, is there any way to get a reference of the user/serviceaccount that is running the pulumi command? I’m trying to create a
GCP CloudRun
service, but as specified in the docs, unless you specify a
ServiceTemplateSpec serviceAccountName
it will use the default cloud engine service account which has Editor permissions and therefore gets a permission denied on SecretManager resources for example. I’m setting my service account credentials in my stack config file through the
value. Any help or tips would be greatly appreciated!


09/26/2022, 9:52 PM
Is this the correct way to go? Is it feasible that you might specify a different account for this purpose than the one being used to run the deployment? I think providing the correct service account name as a stack config parameter might be more robust.


09/26/2022, 10:01 PM
You’re absolutely right! The more I was messing around with this idea, the more I’ve come to the same conclusion. I think the best would be to create a service account that only has CloudRun privileges and Secret Manager Accessor in this case 🙂