I tried to hack a bit with the rolebinding using the following commands (the CTX_CLUSTER2 environment variable points to the cluster with the model that consumes the secret). kubectl --context="${CTX_CLUSTER2}" create namespace dev1 kubectl --context="${CTX_CLUSTER2}" create clusterrole holder --verb get,list --resource secret --resource namespace kubectl --context="${CTX_CLUSTER2}" create rolebinding holder -n dev1 --serviceaccount dev:holder --clusterrole holder But still got some errors related to the secret not being found. unit-holder-0: 10:34:43 ERROR unit.holder/0.juju-log secret_id:10: Uncaught exception while in charm code: Traceback (most recent call last): File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2564, in _run result = run(args, **kwargs) File "/usr/lib/python3.8/subprocess.py", line 516, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '('/var/lib/juju/tools/unit-holder-0/secret-get', 'secret://548fc04a-1364-4f8f-875c-f9f39c7bed38/clu5bqurg8jc758htov0', '--format=json')' returned non-zero exit status 1. During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2920, in secret_get result = self._run('secret-get', *args, return_output=True, use_json=True) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2570, in _run raise ModelError(e.stderr) ops.model.ModelError: ERROR secret "clu5bqurg8jc758htov0-1" not found The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 282, in get_secret content = self._backend.secret_get(id=id, label=label) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2923, in secret_get raise SecretNotFoundError() from e ops.model.SecretNotFoundError During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2564, in _run result = run(args, **kwargs) File "/usr/lib/python3.8/subprocess.py", line 516, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '('/var/lib/juju/tools/unit-holder-0/secret-info-get', 'secret://548fc04a-1364-4f8f-875c-f9f39c7bed38/clu5bqurg8jc758htov0', '--format=json')' returned non-zero exit status 1. During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2930, in _run_for_secret return self._run(*args, return_output=return_output, use_json=use_json) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2570, in _run raise ModelError(e.stderr) ops.model.ModelError: ERROR secret "clu5bqurg8jc758htov0" not found The above exception was the direct cause of the following exception: Traceback (most recent call last): File "./src/charm.py", line 83, in main(ConsumerCharm) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/main.py", line 435, in main _emit_charm_event(charm, dispatcher.event_name) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/main.py", line 144, in _emit_charm_event event_to_emit.emit(*args, **kwargs) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/framework.py", line 355, in emit framework._emit(event) # noqa File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/framework.py", line 824, in _emit self._reemit(event_path) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/framework.py", line 899, in _reemit custom_handler(event) File "./src/charm.py", line 62, in _on_update_status secret = self._obtain_secret() File "./src/charm.py", line 35, in _obtain_secret return self.model.get_secret(id=secret_id) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 287, in get_secret info = self._backend.secret_info_get(id=id, label=label) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2944, in secret_info_get result = self._run_for_secret('secret-info-get', *args, return_output=True, use_json=True) File "/var/lib/juju/agents/unit-holder-0/charm/venv/ops/model.py", line 2933, in _run_for_secret raise SecretNotFoundError() from e ops.model.SecretNotFoundError unit-holder-0: 10:34:43 ERROR juju.worker.uniter.operation hook "secret_id-relation-changed" (via hook dispatching script: dispatch) failed: exit status 1 The output of `juju secrets` in each model is the following: aks:dev1: juju secrets ID Owner Rotation Revision Last updated clu5bqurg8jc758htov0 owner1/0 never 1 1 minute ago gke:dev (no secrets) juju secrets ID Owner Rotation Revision Last updated