I have google-cloud-secret-manager==1.0.0 installed, and I am trying to use it with Python 2.7 to retrieve values from Secret Manager. This is the code I am trying to use:
from google.cloud import secretmanager
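class GcpSecretManager(object):
    """Small wrapper around the Secret Manager client for one GCP project.

    Secrets are addressed by their short name; the full resource path
    ("projects/<project>/secrets/<name>/versions/<version>") is built here.
    """

    def __init__(self, gcp_project):
        """Remember the project and create the API client.

        Args:
            gcp_project: Project id used as the first segment of every
                secret resource path.
        """
        self.gcp_project = gcp_project
        # No credentials are passed, so the client library resolves
        # Application Default Credentials on its own.
        # NOTE(review): that identity is not necessarily the account the
        # gcloud CLI is logged in with; it is the one that needs
        # 'secretmanager.versions.access' on the secret -- confirm which
        # principal is actually picked up in this environment.
        self.secret_manager = secretmanager.SecretManagerServiceClient()

    def get_full_name(self, name, version="latest"):
        """Return the full resource path of a secret version.

        Args:
            name: Short secret name (no slashes).
            version: Version id or alias; integers are accepted and
                converted to their decimal string form.

        Returns:
            "projects/<project>/secrets/<name>/versions/<version>".

        Raises:
            ValueError: If name or version is empty or contains a slash.
        """
        # Version numbers are naturally passed as ints; without this the
        # slash check below fails with a TypeError instead of building
        # the path.
        if isinstance(version, int) and not isinstance(version, bool):
            version = str(version)

        # An empty segment would yield a malformed path such as
        # "secrets//versions/latest"; fail before any request is made.
        if not name or not version:
            raise ValueError("Secret name and version must be non-empty")

        # A slash would change which resource the path addresses, so it
        # is rejected rather than escaped.
        if '/' in name or '/' in version:
            raise ValueError("Unexpected slash in name or version")

        return "projects/{0}/secrets/{1}/versions/{2}".format(
            self.gcp_project,
            name,
            version
        )

    def get_secret(self, short_name, version="latest"):
        """Fetch one secret version and return its raw payload.

        Args:
            short_name: Short secret name, as accepted by get_full_name.
            version: Version id or alias (default "latest").

        Returns:
            response.payload.data exactly as the API returns it; no
            decoding is applied here.

        Raises:
            ValueError: Propagated from get_full_name for a bad name or
                version. Errors raised by the API call are not caught.
        """
        full_name = self.get_full_name(short_name, version)
        response = self.secret_manager.access_secret_version(name=full_name)
        return response.payload.data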
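if __name__ == "__main__":
    # Manual smoke test: fetch one secret from one project.
    secrets = GcpSecretManager("my_project")
    secret = secrets.get_secret("my_user")
    # Format into a single string: without print_function imported,
    # Python 2.7 treats print("Secret:", secret) as printing a tuple.
    # NOTE: this echoes the secret value to stdout, where it can end up in
    # terminal scrollback or captured logs; keep it to local troubleshooting.
    print("Secret: {0}".format(secret))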
The error that I get is google.api_core.exceptions.PermissionDenied: 403 Permission 'secretmanager.versions.access' denied for resource 'projects/my_project/secrets/amy_user/versions/latest' (or it may not exist)
with some references to secret_manager_service_client.py:
File "C:\Python27\lib\site-packages\google\cloud\secretmanager_v1\gapic\secret_manager_service_client.py", line 968, in access_secret_version request, retry=retry, timeout=timeout, metadata=metadata
.
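When I run the following command via cmd, it does retrieve the secret, which indicates that the machine does have permissions to access that project (although gcloud authenticates with its own logged-in account, which is not necessarily the identity the Python client library picks up):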
gcloud secrets versions access latest --secret=my_user --project=my_project
Any suggestions as to why I can't retrieve the same secret with Python 2.7? The same code does work in Python 3 with some minor changes (i.e. `class GcpSecretManager` and `data = response.payload.data.decode("UTF-8")`).