Google Service Account

On this Page

You can create an account with the Designer or Manager. In Designer, when working on pipelines, every Snap that needs an account prompts you to create a new account or use an existing account. The accounts can be created in or used from:

  • Your private project folder: This folder contains the pipelines that will use the account.
  • Your Project Space’s shared folder: This folder is accessible to all the users that belong to the Project Space.
  • The global shared folder: This folder is accessible to all the users within an organization in the SnapLogic instance.


Account Configuration

Prerequisites

  • Create a Service Account in the Google Cloud console. 

  • Create a custom role and grant it to the Service account. Add the following permissions to the custom role (insufficient permissions will fail the Snap):

    • storage.objects.get (Read)

    • storage.objects.list (Read)

    • storage.objects.create (Write)

    • storage.objects.update (Write)

    • storage.objects.delete (Write)

    • storage.buckets.list (required for Snap Account Validation)
  • JSON file containing the public/private key pair. This file is downloaded to your machine when you create the service account. You need to upload it to the SLDB. See Service account keys for more information.

In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an account for binary files:

  1. Click Create, then select Binary, then the appropriate account type.
  2. Supply an account label.
  3. Supply the necessary information.

  4. (Optional) Supply additional information on this account in the Notes field of the Info tab.
  5. Click Apply.


Account Settings

Label

Required. User-provided label for the account instance.

Default value: N/A

JSON Key

Required. The relative path of the JSON key in the SLDB. You can upload the JSON file to the SLDB by clicking  → Upload

The JSON key contains the information regarding the project ID. This can be used in newer versions of Google Cloud Storage SDK.

Example: ../shared/testproject1234-a0545b98719d_dummy.json

Default value: N/A

Account Encryption

Standard Encryption

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.

Enhanced Encryption

If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per account.

  • High:
  • Medium + High:
  • Low + Medium + High