https://pulumi.com logo
Title
g

gentle-advantage-80069

07/05/2022, 3:33 PM
HI team, I need some help with the below issue:
āžœ   pulumi stack init test --secrets-provider="<gcpkms://projects/****/locations/global/keyRings/********/cryptoKeys/*****>"
Created stack 'test'
error: secrets (code=PermissionDenied): rpc error: code = PermissionDenied desc = Permission 'cloudkms.cryptoKeyVersions.useToEncrypt' denied on resource 'projects/prj-83923-s-orbit-8935/locations/global/keyRings/*****/cryptoKeys/******' (or it may not exist).
āžœ
I created the KMS ring and key manually in the console, and added my email in the permissions with KMS admin, and using the same email with gcloud auth on cmd line. ------------------ Not sure what is missing, but i really need some help here fixing this, thanks.
p

polite-napkin-90098

07/05/2022, 4:44 PM
wrong thread sorry...
b

billowy-army-68599

07/05/2022, 6:19 PM
@gentle-advantage-80069 this is a permissions issue on your side, if you can't read/write to the KMS key with your current credentials, Pulumi won't be able to either