Prerequisites
- An Enkryptify workspace with admin access
- A Google Cloud project
- Permissions to create a Service Account and grant IAM roles in the project
Permissions
Enkryptify connects to your GCP project using Service Account impersonation. You create a Service Account in your project with Secret Manager permissions, then grant Enkryptify the ability to impersonate it.
- On your target Service Account:
  - Service Usage Admin (roles/serviceusage.serviceUsageAdmin)
  - Secret Manager Admin (roles/secretmanager.admin)
- On the same Service Account: Service Account Token Creator (roles/iam.serviceAccountTokenCreator) to principal enkryptify@enkryptify.iam.gserviceaccount.com
Steps to complete
1. Create a new sync
- Go to the Syncs tab of your project and click on GCP Secret Manager.
2. Create a Service Account (GCP Console)
- Navigate to IAM & Admin → Service Accounts.
- Create a new Service Account with an ID of your choosing.
3. Grant Secret Manager permissions to the Service Account
- Grant the following permissions to the Service Account:
  - Secret Manager Admin (roles/secretmanager.admin)
  - Service Usage Admin (roles/serviceusage.serviceUsageAdmin)
4. Enable Service Account impersonation
- Grant Service Account Token Creator (roles/iam.serviceAccountTokenCreator) to enkryptify@enkryptify.iam.gserviceaccount.com on your Service Account.
  - Open the Service Account → PERMISSIONS tab → Grant Access → add the principal and role.
5. Enable required APIs
- Ensure these APIs are enabled on your project:
  - Cloud Resource Manager API
  - Secret Manager API
  - Service Usage API
6. Authenticate in Enkryptify
- In Enkryptify, enter your Project ID and the Service Account Email to impersonate.
7. Link an Enkryptify environment
- Choose which Enkryptify environment to sync.
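
To check the result of steps 3 and 4 before connecting, the following added example (not Enkryptify's own code) audits the two IAM policies involved and reports missing grants and any additional principals able to impersonate the Service Account. It assumes the policies are dicts in the JSON shape printed by `gcloud iam service-accounts get-iam-policy` and `gcloud projects get-iam-policy` with `--format=json`, and that the step 3 roles are granted on the project; the project, Service Account email and user in the sample are constructed.

```python
"""Audit the IAM bindings from steps 3 and 4 (added example, not Enkryptify code)."""
ENKRYPTIFY = "serviceAccount:enkryptify@enkryptify.iam.gserviceaccount.com"
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
PROJECT_ROLES = ("roles/secretmanager.admin", "roles/serviceusage.serviceUsageAdmin")


def members_with(policy, role):
    """Return every member bound to `role` in an IAM policy dict."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role:
            found.update(binding.get("members", []))
    return found


def audit(sa_email, sa_policy, project_policy):
    """Return findings; an empty list means the bindings match the guide."""
    findings = []
    # Step 4: Token Creator is granted on the Service Account itself.
    impersonators = members_with(sa_policy, TOKEN_CREATOR)
    if ENKRYPTIFY not in impersonators:
        findings.append("MISSING: Enkryptify lacks Token Creator on the Service Account")
    for extra in sorted(impersonators - {ENKRYPTIFY}):
        findings.append(f"REVIEW: {extra} can also impersonate the Service Account")
    # Step 3: the Service Account holds both roles (assumed granted on the project).
    for role in PROJECT_ROLES:
        if f"serviceAccount:{sa_email}" not in members_with(project_policy, role):
            findings.append(f"MISSING: {role} not granted to {sa_email}")
    # A project-level Token Creator grant would cover every Service Account in the project.
    if ENKRYPTIFY in members_with(project_policy, TOKEN_CREATOR):
        findings.append("REVIEW: Enkryptify holds Token Creator at project level")
    return findings


# Constructed sample policies (hypothetical project, account and user).
SA_EMAIL = "enkryptify-sync@example-project.iam.gserviceaccount.com"
SA_POLICY = {"bindings": [{
    "role": TOKEN_CREATOR,
    "members": [ENKRYPTIFY, "user:alice@example.com"],
}]}
PROJECT_POLICY = {"bindings": [{
    "role": "roles/secretmanager.admin",
    "members": [f"serviceAccount:{SA_EMAIL}"],
}]}

if __name__ == "__main__":
    for finding in audit(SA_EMAIL, SA_POLICY, PROJECT_POLICY):
        print(finding)
```
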