Google Secret Manager Integration - Not resolved: no resolver that can handle the secret

As a part of evaluating Google Secret Manager Integration with GitLaB SaaS (premium) for our organization, for this we setup a simple pipeline to resolve docker password stored in GCP Secret Manager, then to have a successful docker login with the resolved credentials
However, the secrets are not getting resolved and pipeline execution is failing

Reference: Use GCP Secret Manager secrets in GitLab CI/CD | GitLab

Observation

  • During pipeline execution can see “WARNING: Not resolved: no resolver that can handle the secret”
  • The pipeline execution is failing i.e the docker login failing due to GCP secret manger not getting resolved.
Running with gitlab-runner 16.6.0~beta.105.gd2263193 (d2263193)

[2](#L2) on blue-3.saas-linux-small-amd64.runners-manager.gitlab.com/default zxwgkjAP, system ID: s_d5d3abbdfd0a

[3](#L3) feature flags: FF_USE_IMPROVED_URL_MASKING:true

[4](#L4)Resolving secrets00:00

[5](#L5)Resolving secret "password"...

[6](#L6)WARNING: Not resolved: no resolver that can handle the secret

[7](#L7)Preparing the "docker+machine" executor00:10

[8](#L8)Using Docker executor with image docker ...

[9](#L9)Pulling docker image docker ...

[10](#L10)Using docker image sha256:87df94ebeb90e02117092dfd9df849abdbffb11c0c2c750017e9ad8438512748 for docker with digest docker@sha256:915cd1624f521b6337f135075f712c8fb14c0b151595c6144d7ce05d2f257869 ...

[11](#L11)Preparing environment00:03

[12](#L12)Running on runner-zxwgkjap-project-54583187-concurrent-0 via runner-zxwgkjap-s-l-s-amd64-1707763065-edd8dd5f...

[13](#L13)Getting source from Git repository00:01

[14](#L14)Fetching changes with git depth set to 20...

[15](#L15)Initialized empty Git repository in /builds/xxxx/xxxxxxx/gcp-secret-mgr/.git/

[16](#L16)Created fresh repository.

[17](#L17)Checking out d6b16fbc as detached HEAD (ref is main)...

[18](#L18)Skipping Git submodules setup

[19](#L19)$ git remote set-url origin "${CI_REPOSITORY_URL}"

[20](#L20)Executing "step_script" stage of the job script00:00

[21](#L21)Using docker image sha256:87df94ebeb90e02117092dfd9df849abdbffb11c0c2c750017e9ad8438512748 for docker with digest docker@sha256:915cd1624f521b6337f135075f712c8fb14c0b151595c6144d7ce05d2f257869 ...

[22](#L22)$ docker login -u xxxxx docker.io -p $password

[23](#L23)flag needs an argument: 'p' in -p

[24](#L24)See 'docker login --help'.

[25](#L25)Cleaning up project directory and file based variables00:01

[26](#L26)ERROR: Job failed: exit code 125

ci.yaml

job_using_gcp_sm:
  image: docker
  id_tokens:
    GCP_ID_TOKEN:
      # `aud` must match the audience defined in the WIF Identity Pool.
      aud: https://iam.googleapis.com/projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GCP_WORKLOAD_IDENTITY_FEDERATION_POOL_ID}/providers/${GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER_ID}
  secrets:
    password:
      gcp_secret_manager:
        name: DOCKERHUB_PASSWD # This is the name of the secret defined in GCP Secret Manager
        version: 1               # optional: default to `latest`.
      token: $GCP_ID_TOKEN
  script:
    - docker login -u xxxxx docker.io -p $password

(along with Use GCP Secret Manager secrets in GitLab CI/CD | GitLab, for GCP configuration referred GCP Secrets Manager native support: Documentation (#428403) · Issues · GitLab.org / GitLab · GitLab as well )