
## Security

For GitLab Enterprise and Bitbucket Data Center connections, Cloud Build now checks permissions on the calling principal.

When you create or update repository connections, Cloud Build uses Secret Manager secrets to authenticate to third-party Git providers. Previously, these referenced secrets were retrieved by the Cloud Build service agent (P4SA) on your behalf, checking permissions only against the P4SA's credentials rather than those of the calling principal. To adhere to the security principle of least privilege, Cloud Build now checks permissions on both the calling principal (using end-user credentials) and the P4SA, to ensure both have the `secretmanager.versions.access` IAM permission on the referenced secrets.

This check only affects GitLab Enterprise (GLE) and Bitbucket Data Center (BBDC) connections. For instructions and more details, see the [Cloud Build security bulletin](https://cloud.google.com/build/docs/security-bulletins#gcp-2026-042).
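To see which callers are affected by the check on both principals, the following added example (not from the release note or from Cloud Build) evaluates exported IAM policy JSON for a referenced secret offline. It assumes the policy shape printed by `gcloud secrets get-iam-policy --format=json`; the project number, user names and the short list of granting roles are constructed for illustration.

```python
# Offline preflight: who holds secretmanager.versions.access on a referenced secret?
# Assumption: only these two predefined roles are treated as granting the permission.
# Custom roles, basic roles and group membership are not resolved here.
GRANTING_ROLES = {"roles/secretmanager.secretAccessor", "roles/secretmanager.admin"}

def access_state(member, policies):
    """Return "yes", "conditional" or "no" for a member across the policies
    that apply to the secret (its own policy plus any inherited ones)."""
    state = "no"
    for policy in policies:
        for binding in policy.get("bindings", []):
            if binding.get("role") not in GRANTING_ROLES:
                continue
            if member not in binding.get("members", []):
                continue
            if binding.get("condition"):
                state = "conditional"  # IAM condition present: review by hand
            else:
                return "yes"
    return state

def connection_check(caller, p4sa, policies):
    """Compare the earlier P4SA-only check with the check on both principals."""
    caller_state = access_state(caller, policies)
    p4sa_state = access_state(p4sa, policies)
    return {
        "caller": caller_state,
        "p4sa": p4sa_state,
        "p4sa_only_check": p4sa_state == "yes",
        "both_principals_check": p4sa_state == "yes" and caller_state == "yes",
    }

# Constructed sample data: placeholder project number and users.
P4SA = "serviceAccount:service-123456789012@gcp-sa-cloudbuild.iam.gserviceaccount.com"
SECRET_POLICY = {"bindings": [
    {"role": "roles/secretmanager.secretAccessor",
     "members": [P4SA, "user:alice@example.com"]},
    {"role": "roles/secretmanager.secretAccessor",
     "members": ["user:bob@example.com"],
     "condition": {"title": "temporary",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/secretmanager.viewer", "members": ["user:carol@example.com"]},
]}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, connection_check(f"user:{user}@example.com", P4SA, [SECRET_POLICY]))
```

A caller reported as `conditional` or `no` is one to review before creating or updating a GLE or BBDC connection, even though the P4SA-only check would have passed.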