Skip to Content

GCP

Connect your Google Cloud Platform project to give Cendriix agents visibility into your cloud resources.

Overview

Auth methodService Account / Workload Identity Federation
Setup locationSettings → Integrations → Connectors → GCP
Setup time~20 minutes

How to connect

  1. Navigate to Settings → Integrations → ConnectorsConnect GCP
  2. Choose your preferred auth method:
    • Service Account Key: Upload the JSON key file from the GCP IAM console
    • Workload Identity Federation (recommended): Provide the OIDC provider URL and pool ID
  3. Cendriix validates the credentials and stores them securely

Auth methods

No static credentials are stored. Cendriix exchanges short-lived OIDC tokens for temporary GCP access tokens. This is the recommended approach for production environments.

Service Account Key

Upload a JSON key file downloaded from the GCP IAM console. The key is encrypted at rest. Use this method if Workload Identity Federation is not available in your environment.

Security notes

  • Workload Identity Federation is the preferred method — no static credentials needed
  • Service Account JSON keys should be rotated regularly and granted minimal IAM permissions
  • Revocation is done in the GCP IAM console (delete the service account or remove the key)

Further reading

Last updated on