Last updated: 2025-09-30
Purpose
This article describes how to create Google Cloud Platform (GCP) credentials.
Introduction
When using Outpost24 to scan Google Cloud Platform (GCP) resources—whether for compliance benchmarks or vulnerability assessments—it needs valid GCP credentials to authenticate and access those resources. The Generate GCP Credentials feature allows you to provision a service account with the Project Viewer role, enable necessary GCP APIs, and upload a JSON-access key so Outpost24 can perform its scans. Without this, Outpost24 cannot retrieve metadata, inventory, or configuration data from your GCP environment. Setting up these credentials securely ensures proper permissions, avoids over-privileged access, and allows you to automate cloud scanning reliably.
Adding Credentials
-
Log in to OUTSCAN. See the Logging in to the portal article on how to access the Portal.
-
In the Portal view, click the Account button in the upper right corner. Initials in the button may differ depending on the account name.
-
Select Credentials in the context menu.
-
Click the + Add credentials button to open the Add credentials form.
Configure a GCP Account
-
In the drop-down menu select Google Cloud Platform.
-
Add the name of your GCP account.
-
Click the blue UPLOAD ACCESS KEY (JSON) button to select your access key file.
-
Click blue ADD button to create the credential.
To manage your account, refer to Scan Credentials.
Create a GCP Account and Keys - Google Cloud Console
Refer to Create and Manage service accounts, to manage IAM service accounts.
Steps to Create a Service Account
-
Log in to Google Cloud Platform.
-
Open the Service Accounts page.
-
Click on + CREATE SERVICE ACCOUNT.
-
Fill in the details and click CREATE.
-
Add service account permissions and roles to allow a user to manage service account.
The Service account created on GCP must have a Role set to Project Viewer without anything else.
Steps to enable GCP API
-
Enter the APIs & Services Dashboard page.
-
Click on + ENABLE APIS AND SERVICES on the top of the dashboard.
-
Search for the required API, Compute Engine API in this example.
-
Click on the API block and then enable it by clicking on the ENABLE button.
You need to enable the following GCP API in order to be able to run GCP Compliance policy such as "CIS Google Cloud Platform Foundation Benchmark".
-
Compute Engine API
-
Kubernetes Engine API
-
Cloud Key Management Service (KMS) API
-
Identity and Access Management (IAM) API
-
Cloud Logging API
-
Cloud Resource Manager API
-
Cloud DNS API
-
Cloud Functions API
-
Cloud SQL Admin API
You can double check GCP enabled APIs at the bottom of the "APIs & Services" Dashboard.
Steps to Create Key
-
After granting user access, click on Create Key.
-
Select JSON as the Key type/format and click on CREATE.
Refer to Creating and Managing Service Account Keys, for detailed information regarding how to generate Access keys. The uploaded access key is the credential used to run a GCP scan.
Related Articles
- Docker Image Assessment
- How to Scan AWS ECR Images
- Generate Azure Credentials
- Container Inspection - Azure
- Import Cloud Image on AWS
- Google Cloud Platform Credentials
- Microsoft Azure Credentials
- Azure Cloud Discovery
- Docker Credentials
- Amazon
- Cloud Discovery
- Scan a Docker Image
- Configure Application Gateway for HIAB on Azure
- Amazon Web Services Credentials
- Change Hard Drive Size on HIAB in Amazon Web Services
- Change Instance Type on HIAB on Amazon Web Services
- Cloud Discovery on HIAB
- Generate AWS Credentials
- Extend HIAB Disk Space on Azure
- AWS Scanning with OUTSCAN
- Cloud Assessment
- Generate GCP Credentials
- Google Registries Scanning with Container Inspection
- Deploy HIAB on Amazon Web Services
- Cloudsec Scan Configuration
- Docker Image Discovery
- Importing Tags for AWS Discovery
- Deploy HIAB on Microsoft Azure
- Vulnerabilities