Google cloud: invalid build: failed to check access to key

0
votes

Trying to create cloudbuild config for App Engine on Google cloud.
There are some encrypted environment variables that app needs. I did everything as this documentation says. When new Git commit has been pushed I'm always getting this error in cloudbuild log:

invalid build: failed to check access to "projects/$PROJECT_ID/locations/global/keyRings/my-key-ring/cryptoKeys/my-key"



Also, there is one more question. If I execute gcloud app deploy command from my laptop app is being deployed and then fails to run because of absent environment variables. Is that correct that I need to define these variables along with command like

> MY_VAR1=a MY_VAR2=b gcloud app deploy

? And if that's correct why it's not working?

1
google-app-enginegoogle-cloud-platform
Can you please provide exact command that produces this error? Also check necessary permissions as per documentation you provided. As for the second question here you can find how to provide env variables in app.yaml file.Emil Gi
First problem is a cloudbuild, it's triggered by push in dev branch. All permissions have been granted as documentation says. Second problem - just like in example, for example, there is STATIC_SECRET env variable that should be given to the app. If I run gcloud app deploy how am I supposed to set it? Because STATIC_SECRET=qwerty gcloud app deploy doesn't work. Sorry if that's weird question, docs cover simple use cases and it's completely unclear what to do with something complicatedWeekendMan
Provide your env variables in app.yaml file following the link i posted before. Then just use gcloud app deploy, the env variables will automatically propagate to the instance and be accessible by the app. as for the first question can you please post your cloudbuild.yaml file as well as full error message. Don't forget to remove sensible information from them first.Emil Gi

1 Answers

0
votes

I think the error is that the $PROJECT_ID variable is not supported in the kmsKeyName field. I had the same error and replacing $PROJECT_ID with my literal project-name was the fix.

See https://stackoverflow.com/a/56984975/771768 for a related problem.