How to grant Secret Manager Secret Accessor role for Stripe Webhook secret in Firebase Cloud Functions (v2) - Stack Overflow


I’m using the Stripe Node SDK within my Firebase Cloud Functions (v2) and running into a permissions issue when deploying one of my functions. Specifically, my handlestripewebhook function fails with the following error as viewed in Google Cloud Console:

Revision 'handlestripewebhook-00003-bob' is not ready and cannot serve traffic.
spec.template.spec.containers[0].env[7].value_from.secret_key_ref.name: 
Permission denied on secret: projects/XYZ-1a45e/secrets/STRIPE_WEBHOOK_SECRET/versions/1 for 
Revision service account [email protected].
The service account used must be granted the 'Secret Manager Secret Accessor' role
(roles/secretmanager.secretAccessor) at the secret, project or higher level.

Here is a screenshot of my IAM settings for reference:

I’m aware that the service account [email protected] needs the Secret Manager Secret Accessor role to access the secret. However, I’m unsure of the exact steps to grant that role to my handlestripewebhook function.

I’d appreciate any tips or steps on how to properly configure the permissions so that my function can read the Stripe webhook secret from Secret Manager. Thank you!


What I’ve Tried

  • Added Stripe webhook secret to Google Secret Manager and named it STRIPE_WEBHOOK_SECRET. The function reads the secret via the const stripeWebhookSecret = defineSecret('STRIPE_WEBHOOK_SECRET') syntax.
  • Checked the IAM settings in Google Cloud console, but not entirely sure if I’m assigning the role to the right service account as I do not see it listed.

Any guidance on how to properly set up this secret accessor role (or if there’s another permission I’m missing) would be greatly appreciated!
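Added example, not part of the original post: the error above accepts a grant "at the secret, project or higher level", so the narrowest fix is a binding on the secret itself. This sketch checks and adds that binding on an IAM policy object of the shape returned by `gcloud secrets get-iam-policy STRIPE_WEBHOOK_SECRET --format=json`. The function names, the sample policy and the service account placeholder are assumptions, since the real account e-mail is not legible on the page.

```javascript
// Added example: check and add a secret-level accessor binding in an IAM policy.
const ROLE = 'roles/secretmanager.secretAccessor';

// Placeholder: substitute the revision service account named in the deploy error.
const RUNTIME_SA = 'serviceAccount:RUNTIME_SA_EMAIL_PLACEHOLDER';

// Returns 'granted', 'conditional' (a binding exists but carries an IAM
// condition that may not hold at runtime), or 'missing'.
function accessorStatus(policy, member, role = ROLE) {
  let status = 'missing';
  for (const b of policy.bindings || []) {
    if (b.role !== role || !(b.members || []).includes(member)) continue;
    if (!b.condition) return 'granted';
    status = 'conditional';
  }
  return status;
}

// Returns a new policy with an unconditional binding for `member`.
// Idempotent; other bindings and the etag (needed for a safe write-back)
// are preserved and the input object is not mutated.
function withAccessor(policy, member, role = ROLE) {
  if (accessorStatus(policy, member, role) === 'granted') return policy;
  const bindings = (policy.bindings || []).map(
    (b) => ({ ...b, members: [...(b.members || [])] }));
  const target = bindings.find((b) => b.role === role && !b.condition);
  if (target) target.members.push(member);
  else bindings.push({ role, members: [member] });
  return { ...policy, bindings };
}

// Constructed sample policy: the runtime account holds only the viewer role,
// which exposes secret metadata but not the payload, so access is still denied.
const samplePolicy = {
  version: 1,
  etag: 'CONSTRUCTED_ETAG',
  bindings: [
    { role: ROLE, members: ['serviceAccount:other-fn@example.iam.gserviceaccount.com'] },
    { role: 'roles/secretmanager.viewer', members: [RUNTIME_SA] },
  ],
};

console.log(accessorStatus(samplePolicy, RUNTIME_SA));
console.log(accessorStatus(withAccessor(samplePolicy, RUNTIME_SA), RUNTIME_SA));
```

Binding the role on the single secret rather than on the project keeps the function's service account from reading every other secret in the project.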