GCP
Connect your Google Cloud Platform project to give Cendriix agents visibility into your cloud resources.
Overview
| Auth method | Service Account / Workload Identity Federation |
| Setup location | Settings → Integrations → Connectors → GCP |
| Setup time | ~20 minutes |
How to connect
- Navigate to Settings → Integrations → Connectors → Connect GCP
- Choose your preferred auth method:
- Service Account Key: Upload the JSON key file from the GCP IAM console
- Workload Identity Federation (recommended): Provide the OIDC provider URL and pool ID
- Cendriix validates the credentials and stores them securely
Auth methods
Workload Identity Federation (recommended)
No static credentials are stored. Cendriix exchanges short-lived OIDC tokens for temporary GCP access tokens. This is the recommended approach for production environments.
Service Account Key
Upload a JSON key file downloaded from the GCP IAM console. The key is encrypted at rest. Use this method if Workload Identity Federation is not available in your environment.
Security notes
- Workload Identity Federation is the preferred method — no static credentials needed
- Service Account JSON keys should be rotated regularly and granted minimal IAM permissions
- Revocation is done in the GCP IAM console (delete the service account or remove the key)
Further reading
Last updated on