Give cleanup permission to cleanup keys
sethvargo committed Jan 25, 2021
1 parent cb8bcbc commit c227cde
Showing 1 changed file with 12 additions and 0 deletions.
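--- a/terraform/service_cleanup.tf
+++ b/terraform/service_cleanup.tf
@@ -61,6 +61,18 @@ resource "google_kms_crypto_key_iam_member" "cleanup-database-encrypter" {
 member = "serviceAccount:${google_service_account.cleanup.email}"
 }
 
+resource "google_kms_crypto_key_iam_member" "admin-cert-signing-keys" {
+crypto_key_id = google_kms_crypto_key.certificate-signer.self_link
+role = "roles/cloudkms.admin"
+member = "serviceAccount:${google_service_account.cleanup.email}"
+}
+
+resource "google_kms_crypto_key_iam_member" "admin-token-signing-keys" {
+crypto_key_id = google_kms_crypto_key.token-signer.self_link
+role = "roles/cloudkms.admin"
+member = "serviceAccount:${google_service_account.cleanup.email}"
+}
+
 resource "google_secret_manager_secret_iam_member" "cleanup-db-apikey-db-hmac" {
 secret_id = google_secret_manager_secret.db-apikey-db-hmac.id
 role = "roles/secretmanager.secretAccessor"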
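Review bot: `role = "roles/cloudkms.admin"` in both new bindings (`admin-cert-signing-keys` and `admin-token-signing-keys`) gives the cleanup service account much more than key cleanup appears to need. That predefined role includes permission to set the IAM policy on the key, so a compromised cleanup service could grant signing rights on the certificate and token signing keys to itself or to any other identity. If cleanup only lists and destroys old key versions (inferred from the commit title; the service code is not on this page), a custom role limited to `cloudkms.cryptoKeyVersions.list`, `cloudkms.cryptoKeyVersions.get` and `cloudkms.cryptoKeyVersions.destroy` would cover it. Whichever role is kept, a comment above each resource stating what cleanup does with the key, e.g. `# cleanup destroys expired signing key versions`, would let the next reviewer judge the grant, and a `cleanup-` name prefix would match the neighbouring bindings.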
