Infisical supports service account impersonation to connect with your GCP projects.

Configure Service Account for Infisical

1. Navigate to IAM & Admin > Service Accounts in Google Cloud Console

2. Create Service Account

Create a new service account with an ID that follows this requirement:

Your service account ID must end with the first two sections of your Infisical organization ID.

Example:

  • Infisical organization ID: df92581a-0fe9-42b5-b526-0a1e88ec8085
  • Required service account ID suffix: df92581a-0fe9

3. Configure Service Account Permissions

Add the required permissions for secret syncs:

After configuring the appropriate roles, press “DONE”.

4. Enable Service Account Impersonation

To enable service account impersonation, you’ll need to grant the Service Account Token Creator role to the Infisical instance’s service account. This configuration allows Infisical to securely impersonate the new service account.

  • Navigate to the IAM & Admin > Service Accounts section in your Google Cloud Console
  • Select the newly created service account
  • Click on the “PERMISSIONS” tab
  • Click “Grant Access” to add a new principal

If you’re using Infisical Cloud US, use the following service account: [email protected]

If you’re using Infisical Cloud EU, use the following service account: [email protected]
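The following check is an added example, not part of Infisical's documentation or code: it validates a candidate service account ID against the suffix rule from step 2 and lists any principal other than the Infisical instance's service account that holds Service Account Token Creator on the new account (step 4). The policy dict follows the JSON shape printed by `gcloud iam service-accounts get-iam-policy --format=json`; the Infisical principal shown is a constructed placeholder, and the function names are hypothetical.

```python
import re
import uuid

# GCP service account IDs: 6-30 chars of [a-z0-9-], starting with a letter
# and ending with a letter or digit.
SA_ID_RE = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
# Constructed placeholder: substitute the principal for your Infisical instance.
INFISICAL_MEMBER = "serviceAccount:INFISICAL_INSTANCE_SA@example.invalid"


def required_suffix(org_id):
    """First two sections of the Infisical organization ID."""
    canonical = str(uuid.UUID(org_id))  # raises ValueError if not a UUID
    return "-".join(canonical.split("-")[:2])


def check_service_account_id(sa_id, org_id):
    """Return a list of problems; an empty list means the ID is acceptable."""
    problems = []
    suffix = required_suffix(org_id)
    if not SA_ID_RE.fullmatch(sa_id):
        problems.append("not a valid GCP service account ID")
    if not sa_id.endswith(suffix):
        problems.append("missing required suffix " + suffix)
    return problems


def unexpected_token_creators(policy, expected_member=INFISICAL_MEMBER):
    """Principals other than expected_member that may impersonate the account."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == TOKEN_CREATOR:
            found.update(binding.get("members", []))
    return sorted(found - {expected_member})


if __name__ == "__main__":
    org = "df92581a-0fe9-42b5-b526-0a1e88ec8085"  # example ID from this page
    for sa in ("infisical-sync-df92581a-0fe9", "infisical-secret-sync-df92581a-0fe9"):
        print(sa, check_service_account_id(sa, org) or "ok")
    # Constructed sample policy for the new service account.
    policy = {"bindings": [
        {"role": TOKEN_CREATOR,
         "members": [INFISICAL_MEMBER, "user:dev@example.com"]},
        {"role": "roles/iam.serviceAccountUser", "members": ["user:ops@example.com"]},
    ]}
    print(unexpected_token_creators(policy))
```

The suffix takes 13 of the 30 characters a service account ID allows, so the second sample ID is rejected for length even though it ends correctly.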

Set Up GCP Connection in Infisical

1. Navigate to App Connections

Navigate to the App Connections tab on the Organization Settings page.

2. Add Connection

Select the GCP Connection option from the connection options modal.

3. Authorize Connection

Select the Service Account Impersonation method and click Connect to GCP.

4. Connection Created

Your GCP Connection is now available for use.