sethvargo/vault-on-gke

Cloud KMS decrypt issue

mukesh-panigrahi opened this issue · 3 comments

I have modified the tf files for a particular defined GCP project.

But I got one issue in KMS decrypt.

Output

1 error(s) occurred:

* data.google_kms_secret.keys: data.google_kms_secret.keys: Error decrypting ciphertext: googleapi: Error 400: Decryption failed: verify that 'name' refers to the correct CryptoKey., badRequest

I checked in the console, and the Cloud KMS key and root token are present as well.
Can you help with this?
Suggest the possible reasons for this issue.

Hi @mukesh-panigrahi

> I have modified the tf files for a particular defined GCP project.

Can you explain more about the modifications you've made?

The error you're getting implies that the crypto key either does not exist or you do not have permission to use it.

Actually, it worked when I destroyed the cluster and recreated it.
Couldn't find the exact reason, but I found the issue with the GCS bucket.
Even on tf destroy, it didn't get deleted. Had to delete it manually.

Okay - please feel free to comment if it occurs again