Read default service agent in google cloud using terraform

jsonsolanki · April 15, 2025, 11:55am

I’m working with secret manager and kms using terraform. When I’m trying to deploy resource using terraform, it is showing me error like Error: Error applying IAM policy for KMS cryptokey "project/project_id/location/us-west1/KeyRing/xyz/cryptoKey/primary": Service account service-project_number@gcp-sa-secretmanager.iam.gserviceaccount.com does not exist.

how can I read default Service agent for secret manager using terraform?

wyardley · April 18, 2025, 4:32pm

Two possible things here

Make sure the API is enabled (and I would also suggest looking in the IAM panel in GCP, unchecking the box to make sure that you can see the google managed IAM members not in your account, which might help you verify that the account is there and what its name is).
Confusingly / annoyingly, you can’t use a data resource to retrieve these Google service accounts. but you can use the google_project_service_identity _resource` if you want… see some details here. It is often easier just to construct the account ID vs. doing it this way.

Topic		Replies	Views
Waiting for default secret of "default/project-home-global-sa" to appear Terraform	2	249	July 8, 2024
Error creating service account with Terraform Terraform	1	1375	July 1, 2021
Terraform replacement for gcloud projects add-iam-policy-binding Google	1	4192	July 22, 2021
Default secret no longer being generated for service account, with Kubernetes 1.24.0 Kubernetes	3	3178	May 12, 2023
Are there any ways to avoid errors when trying to read a KMS key during terraform plan? AWS	4	63	March 28, 2025

Read default service agent in google cloud using terraform

Related topics