Google Cloud function accessing a secret from Secrets Manger

Question

I'm having issues getting a cloud function to access a secret from the secrets manager. Basically I want to have my front-end access secrets by sending a request to the backend and then the backend getting the secret from secrets manager.

My cloud function endpoint looks like this:

Endpoint.get("/get-key", authMiddleware, async (req: any, res: Response) => {
  try {
    const auth = new GoogleAuth({
      scopes: ['https://www.googleapis.com/auth/cloud-platform']
    });

    const project = req.params.projectId;
    const secret = req.params.secret;
    const name = `projects/${project}/secrets/${secret}/versions/latest`;
    const credentials = await auth.getCredentials();

    const ver = new SecretManagerServiceClient({credentials,projectId:project});
    const request = {
      name,
    };
    const response = await ver.accessSecretVersion(request);
    const payload = response.payload.data.toString();
    console.log(`Payload: ${payload}`);
    return res.status(200).send({ payload });
  } catch (error:any) {
    console.log("get key error: ", error);
    return res.status(500).send(error.message);
  }
});

When I try to access that endpoint I get this error:

PERMISSION_DENIED: Permission denied: Consumer 'project:undefined' has been suspended

I tried explicitly setting the projectId there and it still gives me that error. Not sure what else I can change. perhaps the "latest" is not a valid endpoint for the secrets manager.

Answer 1

PERMISSION_DENIED: Permission denied: Consumer 'project:undefined' has been suspended

The above error occurs when you exceed usage quota as discussed in this github thread or due to ToS violations. You may need to submit the appeal. You can contact Google support for the same.

Also make sure you have given secretAccessor role to your service account.