So i’m trying to create a redis cluster using a CMEK and i get this useful error: "Unable to delegate the access of CMEK"
Whats that all about then?
So i’m trying to create a redis cluster using a CMEK and i get this useful error: "Unable to delegate the access of CMEK"
Whats that all about then?
2
Answers
I’m facing the same issue, I tried giving Redis service agent the cloudkms.cryptoKeyEncrypterDecrypter role on the keyring I use and also on the key itself, it didn’t help.
If you find a solution I’d be glad to know.
Ensure that the user or service account trying to delegate access to CMEK has the necessary permissions. They should also have
cloudkms.cryptoKeyVersions.useToEncryptandcloudkms.cryptoKeyVersions.viewpermissions on the relevant key.You might also need to identify and view CMEK configuration errors. See this document.