Error: access denied when trying to use secrets file


I am trying to use google_application_credentials in my application, and I

  1. added it to my secrets via the secrets file. I can confirm that my secret is there when I look at the shell
  2. setting the GOOGLE_APPLICATION_CREDENTIALS env variable as /etc/secrets/google_application_credentials.json

in my logs, when my application tries to instantiate, I get the following error

EACCES: permission denied, open ‘/etc/secrets/…2024_01_23_06_33_29.3584232371/google_application_credentials.json’

Why is it permission denied, and why is there an extra path there? Thanks

Note that my library code works correct locally when I set up the env variables .

also, I see the google_application_credentials.json file in the /etc/secrets directory via shell, but I don’t see it in the home directory (in my case /app)

when I ls this path /etc/secrets/…2024_01_23_06_33_29.3584232371/ it gives me the file, which I think means that the /etc/secrets/google_application_credentials.json file is a symlink and not the actual file. How can I read the actual file?

it looks like /etc/secrets/google_application_credentials.json points to …data/google_application_credentials.json

/app $ ls -lah /etc/secrets/google_application_credentials.json
lrwxrwxrwx 1 root root 42 Jan 23 17:46 /etc/secrets/google_application_credentials.json → …data/google_application_credentials.json

which has the following permissions

/app $ ls -lah /etc/secrets/…data/google_application_credentials.json
-rw------- 1 root root 2.3K Jan 23 17:46 /etc/secrets/…data/google_application_credentials.json

I was able to fix this by changing my dockerfile to run as root

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.