Configure Google Cloud Platform (GCP) connection¶

The following guide illustrates connecting Certificate Manager - SaaS with Google Cloud Platform (GCP).

Enable Certificate Manager - SaaS to provision new certificates in Google Certificate Manager (GCM) for use with Google services. This guide walks you through the integration process.

Overview¶

The following diagram illustrates the high-level steps for integrating Certificate Manager - SaaS with Google Cloud Platform (GCP). In the subsequent sections, we dive into each of these steps, providing you with a guided walkthrough.

What are my options for authentication methods?¶

There are two authorization methods available: Workload Identity Federation and Service Account Key. Choose the option that best suits your requirements. It is recommended to use Workload Identity Federation as it is more secure by using short-lived tokens, while Service Account Key relies on long-term credentials.

What is the difference between Workload Identity Federation and Service Account Key authentication?¶

• Workload Identity Federation (recommended) - Workload Identity Federation allows workloads outside Google Cloud to securely access Google Cloud resources without using long-term credentials. It relies on external identity providers like AWS, Azure AD, or OIDC-compliant systems to exchange external credentials for short-lived Google Cloud tokens, reducing the risk of credential exposure.

  This method is ideal for multi-cloud or on-premises environments, integrating with existing identity systems to simplify access management. Using short-lived tokens instead of static service account keys improves security and reduces the need for manual credential management.

• Service Account Key - A method where an external application or service uses a service account's private key (usually stored in a JSON file) to authenticate and access GCP resources.

Choose an authentication method and follow the steps¶

• Workload Identity Federation authentication
• Service Account Key authentication