Thread
#general
    g

    gentle-advantage-80069

    2 months ago
    HI team, I need some help with the below issue:
    āžœ   pulumi stack init test --secrets-provider="<gcpkms://projects/****/locations/global/keyRings/********/cryptoKeys/*****>"
    Created stack 'test'
    error: secrets (code=PermissionDenied): rpc error: code = PermissionDenied desc = Permission 'cloudkms.cryptoKeyVersions.useToEncrypt' denied on resource 'projects/prj-83923-s-orbit-8935/locations/global/keyRings/*****/cryptoKeys/******' (or it may not exist).
    āžœ
    I created the KMS ring and key manually in the console, and added my email in the permissions with KMS admin, and using the same email with gcloud auth on cmd line. ------------------ Not sure what is missing, but i really need some help here fixing this, thanks.
    p

    polite-napkin-90098

    2 months ago
    wrong thread sorry...
    b

    billowy-army-68599

    2 months ago
    @gentle-advantage-80069 this is a permissions issue on your side, if you can't read/write to the KMS key with your current credentials, Pulumi won't be able to either