2

My deployment of a Google Cloud Function is failing and this is all I'm getting in the logs:

Could not fetch secret "projects/xxx/secrets/xxx/versions/latest" for environment variable "xxx". Instance startup will now abort.

I've made sure that the Cloud Function's runtime account has the Secret Manager Secret Accessor role.

I've tried enabling Secret Manager Secret Accessor from the Cloud Build Settings page, but it still didn't work.

What role(s) should I be granting to which principal(s) to get this to work?

3 Answers

2

As it turns out, I missed adding any versions to the failing secret. It worked when I tried again after entering a value.

0

It can be the same if the latest version has been destroyed. In this case, either republish a valid version, or point to another version, not latest.

Serge B.
0

If you are on GitHub Actions and your function uses a different service account, you might get this error if you try to deploy using the Firebase CLI.
For some reason, during Cloud Function deployment with the Firebase CLI, the default service account ([appengine]@appspot.gserviceaccount.com) is used; if this service account is deleted or doesn't have the Secret Manager Accessor role, the Cloud Function gets stuck.

You can either:
1. create a new App Engine default service account, or
2. use https://github.com/google-github-actions/deploy-cloud-functions

If you choose option 2, kindly specify:

with:
  service_account_email: "your cloud function runtime service account email"
AyoAyomide
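
The three causes given in the answers above (no versions, a destroyed latest version, and the deploying tool using a service account without the accessor role) can be checked together. This is an added example, not code from any of the posters: it assumes you pass it the JSON printed by `gcloud secrets versions list SECRET --format=json` and `gcloud secrets get-iam-policy SECRET --format=json`; the function names, finding strings and sample data are constructed for illustration.

```python
import json

ACCESSOR_ROLE = "roles/secretmanager.secretAccessor"

def version_number(version):
    # Version names end in an increasing integer: .../versions/3
    return int(version["name"].rsplit("/", 1)[1])

def diagnose(versions_json, policy_json, service_account):
    """Return reasons why <secret>/versions/latest may be unreadable by service_account."""
    findings = []
    versions = json.loads(versions_json) or []
    if not versions:
        findings.append("no-versions")
    else:
        # "latest" resolves to the newest version, whatever state it is in.
        latest = max(versions, key=version_number)
        if latest.get("state") != "ENABLED":
            enabled = sorted(version_number(v) for v in versions
                             if v.get("state") == "ENABLED")
            hint = f"pin version {enabled[-1]}" if enabled else "add a new version"
            findings.append(f"latest-{latest.get('state', 'UNKNOWN').lower()}: {hint}")
    # Only direct bindings on the secret are checked; a grant inherited from the
    # project or made through a group will not appear in this policy.
    member = f"serviceAccount:{service_account}"
    bindings = (json.loads(policy_json) or {}).get("bindings", [])
    if not any(b.get("role") == ACCESSOR_ROLE and member in b.get("members", [])
               for b in bindings):
        findings.append(f"no-accessor-binding: {member}")
    return findings

# Constructed sample data (not real project output).
SAMPLE_VERSIONS = json.dumps([
    {"name": "projects/123/secrets/api-key/versions/1", "state": "ENABLED"},
    {"name": "projects/123/secrets/api-key/versions/2", "state": "DESTROYED"},
])
SAMPLE_POLICY = json.dumps({"bindings": [{
    "role": ACCESSOR_ROLE,
    "members": ["serviceAccount:fn-runtime@demo-project.iam.gserviceaccount.com"],
}]})

if __name__ == "__main__":
    for sa in ("fn-runtime@demo-project.iam.gserviceaccount.com",
               "demo-project@appspot.gserviceaccount.com"):
        print(sa, diagnose(SAMPLE_VERSIONS, SAMPLE_POLICY, sa))
```

Run it once for the runtime service account you configured and once for the App Engine default account, since the last answer reports that a Firebase CLI deployment uses the latter.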