github.com/emicklei/gmig@v1.18.3-0.20240405210147-57c940a1c6cf/examples/035_add_cloud_kms_cryptokey_decrypter_to_cloudbuilder_account.yaml (about) 1 # Add Cloud KMS CryptoKey Decrypter to cloudbuilder account 2 3 # https://cloud.google.com/kms/docs/iam 4 # https://cloud.google.com/kms/docs/reference/permissions-and-roles 5 6 do: 7 - gcloud kms keys add-iam-policy-binding CRYPTOKEY --location LOCATION --keyring KEYRING --member serviceAccount:00000000@cloudbuild.gserviceaccount.com --role roles/cloudkms.cryptoKeyDecrypter 8 9 undo: 10 - gcloud kms keys remove-iam-policy-binding CRYPTOKEY --location LOCATION --keyring KEYRING --member serviceAccount:00000000@cloudbuild.gserviceaccount.com --role roles/cloudkms.cryptoKeyDecrypter