Venafi user permissions for GCP service account
When setting up a GCP service account, specify the Venafi user permissions based on your authentication method.
Venafi Generated Key authentication permissions

| Action(s) | Required permission |
| --- | --- |
| Allow TLS Protect Cloud to create (provision) a new certificate in the certificate manager. | certificatemanager.certs.create |
| Allow certificate metadata to be retrieved after the certificate creation operation completes. | certificatemanager.certs.get |
| Verify access to the certificate manager. | certificatemanager.certs.list |
| Allow TLS Protect Cloud to replace (reprovision) a certificate. | certificatemanager.certs.update |
| Allow TLS Protect Cloud to list certificate manager locations. | certificatemanager.locations.list |
| Allow TLS Protect Cloud to check the status of an operation (for example, certificate creation or replacement). | certificatemanager.operations.get |
| Allow TLS Protect Cloud to obtain details of the projects associated with the service account. | resourcemanager.projects.get |
Workload Identity Federation authentication permissions

| Action(s) | Required permission |
| --- | --- |
| Allow TLS Protect Cloud to create (provision) a new certificate in the certificate manager. | certificatemanager.certs.create |
| Allow certificate metadata to be retrieved after the certificate creation operation completes. | certificatemanager.certs.get |
| Verify access to the certificate manager. | certificatemanager.certs.list |
| Allow TLS Protect Cloud to replace (reprovision) a certificate. | certificatemanager.certs.update |
| Allow TLS Protect Cloud to list certificate manager locations. | certificatemanager.locations.list |
| Allow TLS Protect Cloud to check the status of an operation (for example, certificate creation or replacement). | certificatemanager.operations.get |
| Allow TLS Protect Cloud to obtain details of the projects associated with the service account. | resourcemanager.projects.get |
| Allow access tokens to be issued for the service account. | iam.serviceAccounts.getAccessToken |
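The two tables above differ only in the token-issuance permission, and both are small enough to grant as a custom role rather than a predefined one. The following added example (not Venafi's or Google's code) encodes both permission sets, audits an existing role's `includedPermissions` list (the field name used by the GCP IAM Role resource and printed by `gcloud iam roles describe --format=json`) for missing and excess permissions, and emits the YAML body accepted by `gcloud iam roles create ROLE_ID --project=PROJECT --file=role.yaml`. The sample role JSON, its project name and role id are constructed for the example.

```python
"""Least-privilege audit for the GCP service account used by TLS Protect Cloud.

Added example, not part of the Venafi documentation. It encodes the two
permission tables above and compares them against a granted permission list.
"""
import json

# Permissions from the "Venafi Generated Key" table.
GENERATED_KEY_PERMISSIONS = frozenset({
    "certificatemanager.certs.create",
    "certificatemanager.certs.get",
    "certificatemanager.certs.list",
    "certificatemanager.certs.update",
    "certificatemanager.locations.list",
    "certificatemanager.operations.get",
    "resourcemanager.projects.get",
})

# Workload Identity Federation needs the same set plus access-token issuance.
WORKLOAD_IDENTITY_PERMISSIONS = GENERATED_KEY_PERMISSIONS | {
    "iam.serviceAccounts.getAccessToken",
}

AUTH_METHODS = {
    "generated_key": GENERATED_KEY_PERMISSIONS,
    "workload_identity": WORKLOAD_IDENTITY_PERMISSIONS,
}


def required_permissions(auth_method):
    """Return the permission set the page requires for the given auth method."""
    try:
        return AUTH_METHODS[auth_method]
    except KeyError:
        raise ValueError(
            f"unknown auth method {auth_method!r}; expected one of {sorted(AUTH_METHODS)}"
        ) from None


def audit_role(auth_method, granted):
    """Compare granted permissions with the required set.

    Returns (missing, excess): permissions the role still needs, and
    permissions it holds beyond what the page requires (over-privilege).
    """
    required = required_permissions(auth_method)
    granted_set = set(granted)
    return sorted(required - granted_set), sorted(granted_set - required)


def audit_role_json(auth_method, role_json):
    """Audit a role as returned by `gcloud iam roles describe --format=json`."""
    role = json.loads(role_json)
    return audit_role(auth_method, role.get("includedPermissions", []))


def role_yaml(auth_method, title="TLS Protect Cloud certificate provisioning"):
    """Build a custom-role YAML body for `gcloud iam roles create --file`."""
    lines = [
        f"title: {title}",
        f"description: Exactly the permissions TLS Protect Cloud needs ({auth_method})",
        "stage: GA",
        "includedPermissions:",
    ]
    lines += [f"- {perm}" for perm in sorted(required_permissions(auth_method))]
    return "\n".join(lines) + "\n"


# Constructed sample role: missing resourcemanager.projects.get and carrying
# one permission (certs.delete) that neither table asks for.
SAMPLE_ROLE_JSON = json.dumps({
    "name": "projects/example-project/roles/tlsProtectCloudProvisioner",
    "includedPermissions": [
        "certificatemanager.certs.create",
        "certificatemanager.certs.get",
        "certificatemanager.certs.list",
        "certificatemanager.certs.update",
        "certificatemanager.locations.list",
        "certificatemanager.operations.get",
        "certificatemanager.certs.delete",
        "iam.serviceAccounts.getAccessToken",
    ],
})

if __name__ == "__main__":
    for method in AUTH_METHODS:
        missing, excess = audit_role_json(method, SAMPLE_ROLE_JSON)
        print(f"{method}: missing={missing} excess={excess}")
    print(role_yaml("workload_identity"))
```

Run the audit against the real role with `gcloud iam roles describe ROLE_ID --project=PROJECT --format=json` piped into `audit_role_json`; a non-empty `excess` list is the finding to act on, since the page's tables are the complete set TLS Protect Cloud needs.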