Update docs with new Cloud KMS Viewer role

The addition of the new Cloud KMS Viewer IAM role renders the Cloud KMS Admin role obsolete. This commit updates documentation to refer to the Cloud KMS Viewer role, which grants a more limited subset of permissions while still allowing STET to look up key metadata. PiperOrigin-RevId: 401865645 Change-Id: Ibebe97150d47748d8f18584ab45c60949ab0a9a0
GoogleCloudPlatform · Oct 8, 2021 · 92c0582 · 92c0582
1 parent 21c249b
commit 92c0582
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/docs/quickstart_guide.md b/docs/quickstart_guide.md
@@ -20,14 +20,12 @@ Cloud KMS/EKM.
     account creation, add the following roles:
     *   **Service Account Token Creator**
         *   This is needed so that the service account can generate OIDC tokens
-            required to authenticate with CCKM.
-    *   **Cloud KMS Admin**
+            required to authenticate with EKMs.
+    *   **Cloud KMS Viewer**
         *   This is needed to query Cloud KMS for
-            [key metadata](https://cloud.google.com/kms/docs/reference/permissions-and-roles")
+            [key metadata](https://cloud.google.com/kms/docs/reference/permissions-and-roles)
             which applies to both keys stored in Cloud KMS and also external
             keys.
-            *   Note: The Cloud KMS Admin role is used to grant the
-                [cloudkms.cryptoKeys.get permission](https://cloud.google.com/kms/docs/reference/permissions-and-roles#predefined).
     *   **Cloud KMS CryptoKey Encrypter/Decrypter**
         *   This is needed so that the service account can use keys stored in
             Cloud KMS to