diff --git a/terraform/cloud-run.tf b/terraform/cloud-run.tf
index 579fea3..b138c0c 100644
--- a/terraform/cloud-run.tf
+++ b/terraform/cloud-run.tf
@@ -10,6 +10,7 @@ resource "google_project_iam_member" "cloud-runner" {
     "roles/viewer",
     "roles/storage.objectViewer",
     "roles/run.admin",
+    "roles/secretmanager.admin",
   ])
   role    = each.key
   member  = "serviceAccount:${google_service_account.cloud-runner.email}"