This message was deleted.
# golang
s
This message was deleted.
l
Copy code
package main

import (
	"<http://github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/kms|github.com/pulumi/pulumi-gcp/sdk/v5/go/gcp/kms>"
	"<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi|github.com/pulumi/pulumi/sdk/v3/go/pulumi>"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMBinding(ctx, "cryptoKey", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: pulumi.Any(google_kms_crypto_key.Key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Source: https://www.pulumi.com/registry/packages/gcp/api-docs/kms/cryptokeyiammember/
In your case, the
Members
should point to the email of your service account id.
b
Well that's a -lot- smaller .Thanks again @limited-rainbow-51650!
l
to be fully correct, rather than
user:<userEmail>
, you should have
serviceAccount:<saEmail>
🙌 1