Integrating with GCP
Overview
Google Cloud Platform integration enables you to scan your GCP infrastructure for runtime misconfigurations.
Though it does not require the integration steps below, Jit recommends that you also activate the Scan IaC for Misconfigurations security requirement for complete infrastructure protection.
Steps for integrating with GCP
To integrate Jit with Google Cloud Platform—
-
Create a new service account for your Google Cloud project. For instructions, see Google Cloud documentation. Required permissions:
- Viewer
- Security Reviewer
- Stackdriver Account Viewer
-
Create a JSON key for this service account. For instructions, see Google Cloud documentation.
-
From the Jit platform, select Secrets in the menu bar under Settings.
-
Follow the instructions in Secrets to create a secret with the following details:
- Name—
gcp_credentials(you must use this exact name) - Secret— Paste the contents of your JSON key file into this text box.
- Name—
-
Select Integrations.
-
Locate the GCP tile and select integrate-as-code. You are taken to the
jit-integration.ymlfile. Add the information below to this file. If the option to integrate as-code is not available, you may need to manually addjit-integration.ymlto the repo containing Jit's configuration files.
gcp:
<integration_id>:
type: gcp_account
name: "<your account name>"
auth:
api_token: "${{ jit_secrets.gcp_credentials }}"
project_id: <your GCP project id>
| Key | Value/description |
|---|---|
| gcp: | Integration type. Key must be gcp:. The GCP integration is nested in this mapping. |
| <integration_id>: | This key is the name you choose for your GCP integration. |
| type: | Enter gcp_account as shown in the example. |
| name: | Enter your GCP account name as shown in the example. |
| api_token: | Enter exactly as shown in the example. |
| project_id: | Enter your GCP project ID as shown in the example. |
Updated about 2 months ago