12/03/2019, 6:29 PM
hello, I can't configure secrets provider Google KMS, it keeps saying
Copy code
Sorry, could not create stack 'dev': secrets (code=PermissionDenied): rpc error: code = PermissionDenied desc = Permission 'cloudkms.cryptoKeyVersions.useToEncrypt' denied on resource 'projects/<proj>/locations/us-central1/keyRings/<keyring>/cryptoKeys/<key>' (or it may not exist).
I verified that access is OK, I can encrypt/decrypt with gcloud cli
Solved the issue. It's needed to set "Application Default Credentials" per . Gcloud SDK cli uses different auth approach, that's why I was able to encrypt/decrypt with
gcloud kms ...