GCP Connection
Learn how to configure a GCP Connection for Infisical.
Infisical supports service account impersonation to connect with your GCP projects.
Self-Hosted Instance
Self-Hosted Instance
Using the GCP integration on a self-hosted instance of Infisical requires configuring a service account on GCP and configuring your instance to use it.
Enable the IAM Service Account Credentials API
Navigate to IAM & Admin > Service Accounts in Google Cloud Console
Create a Service Account
Create a new service account that will be used to impersonate other GCP service accounts for your app connections.
Press “DONE” after creating the service account.
Generate Service Account Key
Download the JSON key file for your service account. This will be used to authenticate your instance with GCP.
Configure Your Instance
- Copy the entire contents of the downloaded JSON key file.
- Set it as a string value for the
INF_APP_CONNECTION_GCP_SERVICE_ACCOUNT_CREDENTIALenvironment variable. - Restart your Infisical instance to apply the changes.
- You can now use GCP integration with service account impersonation.
Configure Service Account for Infisical
Navigate to IAM & Admin > Service Accounts in Google Cloud Console
Create Service Account
Create a new service account with an ID that follows this requirement:
Your service account ID must end with the first two sections of your Infisical organization ID.
Example:
- Infisical organization ID:
df92581a-0fe9-42b5-b526-0a1e88ec8085 - Required service account ID suffix:
df92581a-0fe9
Configure Service Account Permissions
Add the required permissions for secret syncs:
Add the required permissions for secret syncs:
After configuring the appropriate roles, press “DONE”.
Enable Service Account Impersonation
To enable service account impersonation, you’ll need to grant the Service Account Token Creator role to the Infisical instance’s service account. This configuration allows Infisical to securely impersonate the new service account.
- Navigate to the IAM & Admin > Service Accounts section in your Google Cloud Console
- Select the newly created service account
- Click on the “PERMISSIONS” tab
- Click “Grant Access” to add a new principal
If you’re using Infisical Cloud US, use the following service account: [email protected]
If you’re using Infisical Cloud EU, use the following service account: [email protected]
Setup GCP Connection in Infisical
Navigate to App Connections
Navigate to the App Connections tab on the Organization Settings page.
Add Connection
Select the GCP Connection option from the connection options modal.
Authorize Connection
Select the Service Account Impersonation method and click Connect to GCP.
Connection Created
Your GCP Connection is now available for use.