GCP Storage - User Guide

This article explains, step by step, how to integrate with GCP Storage.

The GCP Storage integration monitors your buckets and validates that they are encrypted. Encrypting stored sensitive information is a key criterion when checking security under the SOC 2 framework.


The integration with GCP Storage requires only read-only permissions, which do not allow Scytale to perform any actions within your GCP account.

  • storage.buckets.list

How to connect the GCP Storage integration

Before connecting to GCP Storage, the following APIs must be enabled in Google API:

  1. https://console.developers.google.com/apis/api/serviceusage.googleapis.com/overview
  2. https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview
  3. https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview


Step 1: Create a role within the GCP Console

  • Log in to GCP Console
  • Select IAM & Admin
  • Select Roles.
  • Click on "Create Role" - create a custom role for Scytale with the relevant permissions for the integration.

  • Fill in the details:
    Title - Scytale Storage
    ID - ScytaleStorage

  • Select "Add Permissions", click on the specific permissions and add them:

      • storage.buckets.list
  • Once all permissions have been added, a list of the assigned permissions will appear.

  • Click on "Create"




Step 2: Create a service account within the GCP Console

  • Go to IAM & Admin
  • Select Service Accounts
  • Click on "Create service account"

  • Fill in the details:

    • Phase 1 - Service account details

      Service account name - scytale_storage
      Service account ID - after writing the service account name, this field is automatically filled in
      Click "Create and continue"

    • Phase 2 - Grant service account access to role

      Select the role that you created in the previous step above (Scytale Storage)
      Click "Continue"

    • Phase 3 - Grant users access to this service account (optional)
      No need to fill

Click on "Done"



Step 3: Generate JSON file

  • Go to IAM & Admin
  • Select Service Accounts. You can see the list of all the service accounts that you have
  • Select the service account that you created in the previous step - scytale_storage
  • Go to the "Keys" tab.
  • Click on "Add Key" and select the "Create new key" option

  • In "Key type", select JSON and "Create"

Copy the following fields from the JSON that was downloaded:

  • client_email - please copy without ""
  • private_key - Verify that you included the entire key value, from "-----BEGIN PRIVATE KEY-----" through "-----END PRIVATE KEY-----\n"
  • project_id - please copy without ""
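
The copy step above can be checked before pasting. The following is an added example, not part of Scytale's or Google's tooling: it parses a downloaded key file and reports the problems this step warns about (surrounding quotes, an incomplete private key). The function name, the problem messages and the sample key (constructed, not a real credential) are assumptions for illustration.

```python
import json

PEM_HEAD = "-----BEGIN PRIVATE KEY-----"
PEM_TAIL = "-----END PRIVATE KEY-----\n"
REQUIRED = ("client_email", "private_key", "project_id")

# Constructed sample in the shape of a downloaded key file (not a real key).
SAMPLE_KEY_JSON = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "scytale-storage@example-project.iam.gserviceaccount.com",
    "private_key": PEM_HEAD + "\nQ09OU1RSVUNURUQ=\n" + PEM_TAIL,
})


def check_key_file(key_json):
    """Return (fields to copy, list of problems) for a service account key."""
    key = json.loads(key_json)  # decoding turns the file's \n escapes into newlines
    problems = []
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    fields = {name: key.get(name, "") for name in REQUIRED}
    for name, value in fields.items():
        if not isinstance(value, str) or not value:
            problems.append(f"{name} is missing or empty")
        elif value != value.strip('" '):
            problems.append(f"{name} still has quotes or spaces around it")
    pem = fields["private_key"]
    if isinstance(pem, str) and pem:
        if not pem.startswith(PEM_HEAD):
            problems.append("private_key does not start with the BEGIN line")
        if not pem.endswith(PEM_TAIL):
            problems.append("private_key does not end with the END line and newline")
    email = fields["client_email"]
    if isinstance(email, str) and email and not email.endswith(".iam.gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    return fields, problems


if __name__ == "__main__":
    fields, problems = check_key_file(SAMPLE_KEY_JSON)
    # Report only field names and problems; never print the private key itself.
    print("fields present:", sorted(name for name, value in fields.items() if value))
    print("problems:", problems or "none")
```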



Step 4: Log in to the Scytale web app

  • Click on the "Integrations" menu on the left of the screen.

  • Click on the "Connect" button under the GCP Storage icon.

  • Paste the values copied from the JSON file generated in the GCP Console (see step 3 above): Client Email, Private Key, Project ID
  • Connection Name - used to differentiate between your connections,
    for instance if you manage multiple accounts or would like to connect to the integration multiple times. It is automatically titled (Connection 1, 2, 3, etc.), but you can change it to a custom name to make it easier to identify.
    For example: scytale-production-env.
  • Click on Connect