I have a Cloud Function. In this function I'm connecting to a database through secrets in GCP.

For my secrets I'm using a different project ID (com-project-data). For my Google Cloud Function I'm using another project ID (com-project-common).

There is a conflict because each project has a different service account, so I'm asking the following question...

Can I inject two different service accounts into my Cloud Function? If this is possible, how can I do it?

You can do that but it is not recommended. Instead, why don't you simply use a single SA and grant the needed permissions on both projects according to what it needs to access? – Puteri Nov 17 '22 at 19:44

1 Answer

A service account is one identity. Your function has its own identity. Then, this identity should access the required resources.

Therefore, grant the Cloud Functions service account the permission to access the resources, secret or whatever.


With that concept, you can easily understand that you can't have 2 identities for the same service (Cloud Functions can't be schizophrenic!)

Of course, you can do unrecommended things, like using a service account key file for each project and having 2 authentications, but it's a terrible thing and you have to avoid this pattern.

guillaume blaquiere
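An added example, not part of the original answer: a check that the single-identity setup described above is in place, by auditing the IAM policy of a secret in com-project-data for the function's service account from com-project-common. It assumes the policy was exported as JSON (for example with `gcloud secrets get-iam-policy SECRET_NAME --project=com-project-data --format=json`); the service account name `fn-db` and the sample policy are constructed for illustration.

```python
import json

ACCESSOR = "roles/secretmanager.secretAccessor"   # read secret payloads only
ADMIN = "roles/secretmanager.admin"               # reads payloads plus full management
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

def audit_secret_policy(policy, function_sa):
    """Check one secret's IAM policy for the function's service account.

    Returns (bound, findings). Only bindings set on the secret itself are
    inspected; roles inherited from the project, folder or organization
    are not visible in this policy.
    """
    member = f"serviceAccount:{function_sa}"
    bound, findings = False, []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        members = binding.get("members", [])
        if role not in (ACCESSOR, ADMIN):
            continue
        for m in sorted(PUBLIC.intersection(members)):
            findings.append(f"{role} is granted to {m}")
        if member not in members:
            continue
        bound = True
        if role == ADMIN:
            findings.append(f"function SA holds {ADMIN}; {ACCESSOR} is enough to read")
        if binding.get("condition"):
            findings.append("binding for function SA is conditional; review its expression")
    if not bound:
        findings.append(f"no binding on this secret for {member}")
    return bound, findings

# Constructed sample: policy of a secret in com-project-data, as JSON.
# The service account name fn-db is hypothetical.
FUNCTION_SA = "fn-db@com-project-common.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/secretmanager.secretAccessor",
     "members": ["serviceAccount:fn-db@com-project-common.iam.gserviceaccount.com"]}
  ],
  "etag": "constructed",
  "version": 1
}
""")

if __name__ == "__main__":
    print(audit_secret_policy(SAMPLE_POLICY, FUNCTION_SA))
```

An empty findings list with `bound` true means the function's own identity has read-only access to that secret and no key file is needed.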