Comments (2)
I should add: I have also given both myself and the service account the Service Account Key Admin role.
from terraform-google-vault.
Hi @dboshardy
I've updated the README with additional permissions you might need for different Vault backends.
The default installation includes the most minimal set of permissions to run Vault. Certain plugins may require more permissions, which you can grant to the service account using service_account_project_additional_iam_roles:
GCP auth method
The GCP auth method requires the following additional permissions:
- roles/iam.serviceAccountKeyAdmin
GCP secrets engine
The GCP secrets engine requires the following additional permissions:
- roles/iam.serviceAccountKeyAdmin
- roles/iam.serviceAccountAdmin
GCP KMS secrets engine
The GCP secrets engine permissions vary. There are examples in the secrets engine documentation.
from terraform-google-vault.
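An added example, not part of the thread or of the module: a check that compares the roles bound to the Vault service account with the extra roles the comment above lists per backend, reporting what is missing and which of those roles are granted without a backend that needs them. The input is the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the backend keys, service account name and sample policy are constructed for illustration, and IAM conditions on bindings are not evaluated.

```python
import json

# Extra roles per Vault backend, taken from the maintainer's comment.
# The keys "gcp-auth" and "gcp-secrets" are labels chosen for this example.
EXTRA_ROLES = {
    "gcp-auth": {"roles/iam.serviceAccountKeyAdmin"},
    "gcp-secrets": {"roles/iam.serviceAccountKeyAdmin",
                    "roles/iam.serviceAccountAdmin"},
}

# Constructed sample policy (same structure as a project IAM policy).
VAULT_SA = "serviceAccount:vault-admin@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/iam.serviceAccountKeyAdmin",
   "members": ["serviceAccount:vault-admin@example-project.iam.gserviceaccount.com",
               "user:operator@example.com"]},
  {"role": "roles/logging.logWriter",
   "members": ["serviceAccount:vault-admin@example-project.iam.gserviceaccount.com"]}
]}
""")

def roles_for(policy, member):
    """Return the set of roles bound directly to `member`."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit(policy, member, backends):
    """Compare granted roles with what the enabled backends require.

    missing  - roles an enabled backend needs but the member lacks
    unneeded - roles from the list above that are granted although no
               enabled backend requires them (least-privilege check)
    """
    granted = roles_for(policy, member)
    needed = set().union(*(EXTRA_ROLES[b] for b in backends))
    listed = set().union(*EXTRA_ROLES.values())
    return {"missing": sorted(needed - granted),
            "unneeded": sorted((granted & listed) - needed)}

if __name__ == "__main__":
    for enabled in (["gcp-secrets"], ["gcp-auth"], []):
        print(enabled, audit(SAMPLE_POLICY, VAULT_SA, enabled))
```
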