diff --git a/modules/bootstrap/gcp/services.tf b/modules/bootstrap/gcp/services.tf
index f35321d0..e5d243d0 100644
--- a/modules/bootstrap/gcp/services.tf
+++ b/modules/bootstrap/gcp/services.tf
@@ -11,7 +11,8 @@ locals {
 "bigqueryconnection.googleapis.com",
 "maps-backend.googleapis.com",
 "apikeys.googleapis.com",
- "datamigration.googleapis.com"
+ "datamigration.googleapis.com",
+ "secretmanager.googleapis.com"
 ]
 }
diff --git a/modules/inception/gcp/inception-roles.tf b/modules/inception/gcp/inception-roles.tf
index 2093016b..1d8b52b3 100644
--- a/modules/inception/gcp/inception-roles.tf
+++ b/modules/inception/gcp/inception-roles.tf
@@ -49,6 +49,16 @@ resource "google_project_iam_custom_role" "inception_make" {
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
 "storage.buckets.setIamPolicy",
+ "secretmanager.secrets.create",
+ "secretmanager.secrets.get",
+ "secretmanager.secrets.list",
+ "secretmanager.secrets.update",
+ "secretmanager.secrets.setIamPolicy",
+ "secretmanager.secrets.getIamPolicy",
+ "secretmanager.versions.access",
+ "secretmanager.versions.add",
+ "secretmanager.versions.get",
+ "secretmanager.versions.list",
 ]
 }
@@ -74,7 +84,9 @@ resource "google_project_iam_custom_role" "inception_destroy" {
 "resourcemanager.projects.get",
 "servicenetworking.services.get",
 "servicenetworking.services.deleteConnection",
- "serviceusage.operations.get"
+ "serviceusage.operations.get",
+ "secretmanager.secrets.delete",
+ "secretmanager.versions.destroy",
 ]
 }
diff --git a/modules/inception/gcp/platform-roles.tf b/modules/inception/gcp/platform-roles.tf
index 9831b102..f3f36d2c 100644
--- a/modules/inception/gcp/platform-roles.tf
+++ b/modules/inception/gcp/platform-roles.tf
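Review bot: In the `inception_make` hunk of inception-roles.tf, `secretmanager.versions.access` together with `secretmanager.secrets.setIamPolicy` in a project-level custom role lets whoever holds the role read every secret payload in the project and grant that access to other members. The binding for this role and the start of its permission list are outside the hunk, so the effective scope cannot be confirmed from here. If the role is bound at project level, consider an IAM condition on the binding such as `resource.name.startsWith("projects/<PROJECT_NUMBER>/secrets/<PREFIX>")` (placeholders), or drop `secretmanager.versions.access` if inception only creates the secret containers. If secret versions are written through Terraform, the payload presumably also lands in state, so the state bucket would need the same protection as the secrets themselves.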
@@ -86,6 +86,20 @@ resource "google_project_iam_custom_role" "platform_make" {
 "datamigration.connectionprofiles.create",
 "datamigration.connectionprofiles.get",
 "datamigration.operations.get",
+ "dataform.releaseConfigs.create",
+ "dataform.releaseConfigs.get",
+ "dataform.releaseConfigs.list",
+ "dataform.releaseConfigs.update",
+ "dataform.repositories.create",
+ "dataform.repositories.get",
+ "dataform.repositories.getIamPolicy",
+ "dataform.repositories.list",
+ "dataform.repositories.setIamPolicy",
+ "dataform.repositories.update",
+ "dataform.workflowConfigs.create",
+ "dataform.workflowConfigs.get",
+ "dataform.workflowConfigs.list",
+ "dataform.workflowConfigs.update",
 ]
 }
@@ -118,5 +132,8 @@ resource "google_project_iam_custom_role" "platform_destroy" {
 "datamigration.connectionprofiles.delete",
 "bigquery.datasets.delete",
 "bigquery.tables.delete",
+ "dataform.releaseConfigs.delete",
+ "dataform.repositories.delete",
+ "dataform.workflowConfigs.delete",
 ]
 }
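Review bot: `dataform.repositories.setIamPolicy` in the `platform_make` hunk lets the role holder grant access to any Dataform repository in the project to arbitrary members. If the platform stage does not manage repository IAM resources, leave out `dataform.repositories.setIamPolicy` and `dataform.repositories.getIamPolicy`. The services.tf hunk in this commit enables only `secretmanager.googleapis.com`, and that list is only partly visible, so confirm `dataform.googleapis.com` is already enabled there. The role's permission list starts outside the hunk.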