No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Has anyone managed to use Pulumi for the new GCP secret manager? I am having 403 issues creating secrets. I am able to create resources in the same Pulumi stack, so I am authenticated in Pulumi. Creating secrets with curl works fine, so I have permissions. If I compare the request sent by Pulumi and the curl command line, I see that the headers 'authorization' and 'x-goog-user-project' are missing. I'll put details in thread.

I don't know how to debug the problem from here, so pointers would be welcome.

From pulumi log with --debug and TF_LOG=TRACE:

```    debug: Google API Request Details:
    debug: ---[ REQUEST ]---------------------------------------
    debug: incoming output value translated:  -&gt; 
    debug: POST /v1beta1/projects/my-project-88b03ea/secrets?alt=json&amp;secretId=my-secret-name HTTP/1.1
    debug: incoming output property translated: id -&gt; id
    debug: Host: <http://secretmanager.googleapis.com|secretmanager.googleapis.com>
    debug: User-Agent: HashiCorp Terraform/0.11+compatible (+<https://www.terraform.io>) Terraform Plugin SDK/1.4.0 terraform-provider-google-beta/dev
    debug: incoming output value translated: projects/my-project -&gt; projects/my-project
    debug: Content-Length: 33
    debug: Content-Type: application/json
    debug: incoming output property translated: number -&gt; number
    debug: Accept-Encoding: gzip
    debug: 
    debug: incoming output value translated: 608582423015 -&gt; 608582423015
    debug: {
    debug: incoming output property translated: labels -&gt; labels
    debug:  "replication": {
    debug:   "automatic": {}
    debug: incoming output value translated: {} -&gt; {}
    debug: incoming output property translated: projectId -&gt; project_id
    debug:  }
    debug: }
    debug: incoming output value translated: my-project -&gt; my-project
    ```

```&gt; curl "<https://secretmanager.googleapis.com/v1beta1/projects/my-project-88b03ea/secrets?secretId=test-secret>" --request "POST"  --header "authorization: Bearer $(gcloud auth print-access-token)"  --header "content-type: application/json" --header "x-goog-user-project: my-project-88b03ea" --data "{\"replication\": {\"automatic\": {}}}"```

<https://github.com/pulumi/pulumi/issues/3944>