Encryption with GCP Cloud KMS

I have 2 GCP projects: Project A with Cloud KMS and Project B without.
I create a service account in Project B and I give it access to the key through IAM in Project A.

I create the service account key in Project B and paste it as JSON in MongoDB.

Then I get the resource ID from Project A, where the key is located, and paste it in the Key Version Resource ID field.

Why is it not working? Does it not support cross-project access to keys?


External GCP Project A => Contains Cloud KMS with the key
External GCP Project B => Contains the service account having access as decrypter encrypter to the key in Project A

Key Version Resource ID => Comes from Project A
Service Account Key => Comes from Project B, which has access to the key located in the Cloud KMS of Project A.

Do both the Service Account (key) and the Key Version Resource ID need to come from the same GCP project containing the key?