github.com/emicklei/gmig@v1.18.3-0.20240405210147-57c940a1c6cf/examples/035_add_cloud_kms_cryptokey_decrypter_to_cloudbuilder_account.yaml (about)

     1  # Add Cloud KMS CryptoKey Decrypter to cloudbuilder account
     2  
     3  # https://cloud.google.com/kms/docs/iam
     4  # https://cloud.google.com/kms/docs/reference/permissions-and-roles
     5  
     6  do:
     7  - gcloud kms keys add-iam-policy-binding CRYPTOKEY --location LOCATION --keyring KEYRING --member serviceAccount:00000000@cloudbuild.gserviceaccount.com --role roles/cloudkms.cryptoKeyDecrypter
     8  
     9  undo:
    10  - gcloud kms keys remove-iam-policy-binding CRYPTOKEY --location LOCATION --keyring KEYRING --member serviceAccount:00000000@cloudbuild.gserviceaccount.com --role roles/cloudkms.cryptoKeyDecrypter