GCP Integration
Learn how to integrate Google Cloud Platform (GCP) with Sprinto using Workload Identity Federation (WIF). The new flow retains the Cloud Shell or Service Account setup but removes JSON uploads, provid
Sprinto integrates securely with Google Cloud Platform (GCP) to automatically fetch compliance-relevant information from your GCP environment. This integration helps your organisation meet security and regulatory requirements with minimal manual intervention.
Cloud Resource Manager API
Compute Engine API
Cloud Pub/Sub API
Cloud Logging API
Identity and Access Management (IAM) API
Service Usage API
Cloud Spanner API
BigQuery API
Cloud Bigtable API
Firebase Management API
Cloud Datastore API
Cloud Filestore API
Cloud SQL Admin API
Cloud Storage
Container Registry API
Google Cloud APIs
Kubernetes Engine API
Service Management API
Stackdriver API
Important Update (Effective December 6, 2024)
Sprinto has introduced a new GCP connection flow that eliminates the need for customers to upload a JSON key file. This flow uses Workload Identity Federation (WIF) — a secure, Google-recommended approach that enables Sprinto to connect without long-lived credentials.
Available only for customers onboarded on or after December 6, 2024.
Customers onboarded before this date can continue using the earlier integration methods.
Here's a Loom video that shows how to integrate GCP with the new flow.
Connect GCP Using Workload Identity Federation (New Flow)
This connection method securely links your GCP account with Sprinto without requiring a JSON key upload. It leverages Workload Identity Federation (WIF) to grant Sprinto temporary, read-only access for monitoring and compliance checks.
Even in this new flow, you begin by choosing one of the two familiar integration options:
Option 1: Google Cloud Shell (Recommended)
Option 2: Set up Service Account manually
After you choose either method, Sprinto automatically uses WIF to complete the secure connection.
Prerequisites
Log in to Sprinto as an administrator.
Ensure you have the “Owner” access privilege in your GCP account.
Be logged in to your GCP account with Owner access.
Procedure
Step 1: Open GCP Integration in Sprinto
In Sprinto, navigate to Settings › Available Integrations.
Locate Google Cloud Platform (GCP) and click Connect.

Step 2: Add GCP Project Details
Click +Add account > Next.
Add a Project Id and click Continue.

Step 3: Choose an Integration Method
At this stage, you’ll see two setup options. Select one depending on your access preferences:
Option 1: Google Cloud Shell (Recommended)
Select Use Google Cloud Shell, then click Continue.
On the Connect GCP to integrate page, enter the Project ID and Project Number for the GCP project where you’ll create the service account.
Example:
Project ID: sprinto-dev
Project Number: 796386340381

Copy the bash code provided by Sprinto and execute it in your GCP Cloud Shell terminal.

The script will:
Create a service account named sprinto-serviceaccount.
Assign the Security Reviewer role (read-only).
Enable all required APIs.
Configure Workload Identity Federation (WIF) for authentication.

Option 2: Set Up Service Account Manually
Select Set up service account manually, then click Continue.
Follow the on-screen instructions in Sprinto to:
Create a service account in your chosen GCP project.
Enable the required APIs.
Configure Workload Identity Federation (WIF) instead of generating a JSON key.
Step 4: Wait for the Connection to Establish
After executing the bash code or completing the manual steps, Sprinto automatically initiates the WIF connection.
The Connect button remains disabled for about 1–2 minutes while Google provisions IAM policies.

Once active, click Connect to complete the integration.
Step 5: Verify the Setup
After integration completes:
In the GCP Console, go to IAM › Workload Identity Federation.
Confirm that a Workload Identity Pool (for example, sprinto-wif-pool) has been created.
Verify that the Sprinto service account appears under IAM with read-only access.
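The read-only and no-JSON-key checks from Step 5 can also be run against exported JSON instead of by eye in the console. The following is an added example, not Sprinto's script or code from this page: it assumes the service account e-mail built from the page's example names (sprinto-serviceaccount in project sprinto-dev), treats roles/iam.securityReviewer as the only expected role, and uses constructed sample policy and key listings.

```python
import json

# Assumption: service account name and project ID are the page's example values.
MEMBER = "serviceAccount:sprinto-serviceaccount@sprinto-dev.iam.gserviceaccount.com"
ALLOWED_ROLES = {"roles/iam.securityReviewer"}  # Security Reviewer (read-only)

# Constructed sample, shaped like:
#   gcloud projects get-iam-policy sprinto-dev --format=json
POLICY_OK = json.loads("""
{"bindings": [
  {"role": "roles/iam.securityReviewer",
   "members": ["serviceAccount:sprinto-serviceaccount@sprinto-dev.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:admin@example.com"]}
]}
""")
# Constructed drift case: someone later granted a write-capable role.
POLICY_DRIFT = {"bindings": POLICY_OK["bindings"]
                + [{"role": "roles/editor", "members": [MEMBER]}]}

# Constructed samples, shaped like:
#   gcloud iam service-accounts keys list --iam-account=EMAIL --format=json
KEYS_OK = [{"name": "projects/sprinto-dev/serviceAccounts/sa/keys/aaaa1111",
            "keyType": "SYSTEM_MANAGED"}]
KEYS_DRIFT = KEYS_OK + [{"name": "projects/sprinto-dev/serviceAccounts/sa/keys/bbbb2222",
                         "keyType": "USER_MANAGED"}]


def roles_for(policy, member):
    """Return the sorted project-level roles bound to one member."""
    return sorted({b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", [])})


def audit(policy, keys, member=MEMBER, allowed=frozenset(ALLOWED_ROLES)):
    """List deviations from the expected WIF setup; an empty list means clean."""
    findings = []
    roles = roles_for(policy, member)
    if not roles:
        findings.append("no project-level role bound to service account")
    findings += [f"unexpected role: {r}" for r in roles if r not in allowed]
    # With WIF there should be no downloadable (user-managed) JSON keys at all.
    findings += [f"user-managed key present: {k['name'].rsplit('/', 1)[-1]}"
                 for k in keys if k.get("keyType") == "USER_MANAGED"]
    return findings


if __name__ == "__main__":
    for label, pol, keys in (("ok", POLICY_OK, KEYS_OK), ("drift", POLICY_DRIFT, KEYS_DRIFT)):
        print(label, audit(pol, keys) or "clean")
```

Re-running the same check on a schedule catches later role grants or key creation on the integration account.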
Result
Once integrated:
Sprinto securely connects to GCP using Workload Identity Federation.
You no longer need to upload or rotate JSON key files.
All data retrieval happens using short-lived, federated credentials for enhanced security.
Connect GCP Using Previous Methods
(For Customers Onboarded Before December 6, 2024)
Older customers can continue using the previous integration methods:
Via Cloud Shell (Recommended) — Create a service account and upload its JSON key through an automated script.
Via Service Account (Manual) — Manually create a service account on GCP and upload the JSON key to Sprinto.
These methods remain valid and provide read-only access.
Comparison: New vs Old GCP Integration Flows
| Feature | New Flow | Old Flow |
| --- | --- | --- |
| Availability | For customers onboarded on or after Dec 6 2024 | For customers onboarded before Dec 6 2024 |
| Authentication Type | Workload Identity Federation (WIF) | Service Account Key (JSON file) |
| JSON File Required | No | Yes |
| Setup Options | Cloud Shell or Manual Service Account → WIF auto-setup | Cloud Shell or Manual Service Account → Upload JSON |
| Key Rotation Needed | No | Yes |
| Security Level | High — Uses short-lived federated tokens | Moderate — Depends on static key management |
| Recommended By Google | Yes | Deprecated for new projects |
| Integration Speed | Fast (1–2 minutes setup) | Moderate (Manual upload step required) |

