Adding a CSP Account for GCP
You must have created a service account in GCP and downloaded the JSON file before you can add a CSP account. For more information see GCP BYOK Service Account Requirements.
- Log into the KeyControl Vault for Cloud Keys webGUI using an account with Cloud Admin privileges.
- In the top menu bar, click CloudKeys.
- Click the CSP Accounts tab and select Actions > Add CSP Account.
-
On the Details tab of the Add CSP dialog box, enter the account details.
Field Description Name The name you want to use for the CSP Account. Description An optional description of the CSP Account. Admin Group
Select the Admin Group that you want to use for the account.
Type
Select GCP.
Service Account Key File
Click Load File to upload the service account key in JSON format.
-
Click Continue.
-
On the Schedule tab, determine the rotation schedule for the service account. This can be one of the following:
- Never—The service account keys will never be rotated.
- Every x days—The service account keys will be rotated on a daily basis. The minimum is 1 day and the maximum is 1096 days.
- Every x weeks—The service account keys will be rotated on a weekly basis. The minimum is 1 week and the maximum is 156 weeks.
- Every x months—The service account keys will be on a monthly basis. The minimum is 1 month and the maximum is 36 months.
- Every x years—The service account keys will be rotated on a yearly basis. The minimum is 1 year and the maximum is 3 years.
Important: When the service account keys are rotated, the KeyControl Vault for Cloud Keys creates a new key and replaces the key that was used when you registered the CSP account. Please do not delete the service account key.
-
Click Add.
