diff --git a/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf b/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf
index a0fe7cd7c1..ff540651cc 100755
--- a/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf
+++ b/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf
@@ -232,6 +232,7 @@ resource "google_project_iam_member" "github-actions-terraform" {
 "roles/resourcemanager.projectIamAdmin",
 "roles/run.admin",
 "roles/storage.admin",
+ "roles/secretmanager.secretAccessor",
 ])
 role = each.key
 member = "serviceAccount:${google_service_account.github-actions-terraform.email}"
diff --git a/iac/cal-itp-data-infra/iam/us/project_iam_member.tf b/iac/cal-itp-data-infra/iam/us/project_iam_member.tf
index 4aee5acfbf..7f65ded411 100755
--- a/iac/cal-itp-data-infra/iam/us/project_iam_member.tf
+++ b/iac/cal-itp-data-infra/iam/us/project_iam_member.tf
@@ -558,7 +558,8 @@ resource "google_project_iam_member" "github-actions-terraform" {
 "roles/iam.workloadIdentityPoolAdmin",
 "roles/editor",
 "roles/storage.admin",
- "roles/logging.configWriter"
+ "roles/logging.configWriter",
+ "roles/secretmanager.secretAccessor",
 ])
 role = each.key
 member = "serviceAccount:${google_service_account.github-actions-terraform.email}"
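Review bot: The added `"roles/secretmanager.secretAccessor"` entry is bound through `google_project_iam_member`, so the CI service account can read the payload of every secret in the project, including ones created later. The same grant is made in the production file's hunk (`iac/cal-itp-data-infra/...`). If the Terraform run only needs specific secrets, a per-secret binding as sketched below would keep the grant scoped to them; the secret reference is a placeholder because the intended secrets are not visible here. If the role is there so Terraform can read secret versions as data sources, those values presumably end up in the state file, so access to the state bucket deserves the same scrutiny. The role list starts above both hunks, so the rest of the service account's grants cannot be judged from here.

```hcl
# … unchanged: project-level role list, without "roles/secretmanager.secretAccessor" …

resource "google_secret_manager_secret_iam_member" "github-actions-terraform" {
  # SECRET_RESOURCE_PLACEHOLDER: one binding per secret the pipeline actually reads
  secret_id = google_secret_manager_secret.SECRET_RESOURCE_PLACEHOLDER.id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${google_service_account.github-actions-terraform.email}"
}
```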