cloudrun identity should only need to read

libops · Jan 13, 2025 · fd6d854 · fd6d854
1 parent cf41dd1
commit fd6d854
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/policies/gcp-kv1.hcl b/policies/gcp-kv1.hcl
@@ -1,3 +1,3 @@
 path "secret/{{identity.entity.metadata.project_id}}/*" {
-  capabilities = ["create", "read", "update", "delete", "list"]
+  capabilities = ["read", "list"]
 }