I need to reference a secretEnv value from secrets manager in my docker run arg in a CloudBuild step, but I’ve tried many variation of $DATABASE_CREDENTIALS and I haven’t had any success. The secret availability permissions are configured properly but I’m can’t get the env var to exist or have the appropriate value. Below is what my code looks like

step {
  id       = "foobar"
  name     = "docker"
  secret_env = ["DATABASE_CREDENTIALS",]
  wait_for = ["setup-proxy", "build-foobar"]
  entrypoint = "sh"
  args     = ["-c", "/workspace/cloud_sql_proxy -dir=/workspace -instances='${var.cloud_sql_connection_name}' & sleep 3 &&  docker run -v /workspace:/root --env DATABASE_CREDENTIALS='$DATABASE_CREDENTIALS' '$FOOBAR_IMG'"]
}

available_secrets {
  secret_manager {
    version_name = "${google_secret_manager_secret.postgres_creds.name}/versions/latest"
    env = "DATABASE_CREDENTIALS"
  }
}

Is it possible to reference secret_env values in cloudbuild args?