Privacera Documentation

Add Google Cloud Storage (GCS) data source on Privacera Platform

A) Using Credential File

A credential file is a JSON file downloaded from GCP that allows you to access the GCP service account from outside. Attaching this credential file gives access to the resources in the environment, which can then be used to run Discovery scans on GCP resources such as GCS or GBQ.

There are two ways to incorporate the credential file.

  • Local File Path: Provide the path on the local file system where the credential file is saved. The system reads the file and copies it internally to the configuration location.

  • File: Upload the credential file using a browser. The system copies it internally to the configuration location.

To add a GCS data source with credential file type, do the following:

  1. Under GCP, add a new Data Source, then select Google Cloud Storage.

  2. Enter the following:

    • Name: A name is provided by default. If required, enter a preferred name.

    • Description: Enter a suitable description.

    • Application Code: An application code is a unique identifier for a data source. A code is provided by default. If required, enter a preferred code. No two data sources can have the same application code.

  3. In the Application Properties section, add the following properties:

    • Credential Type: Select Google Credentials Local File Path from the drop-down list.

    • Google Credentials Local File Path: /tmp

    • Google Project Id: ${PROJECT_ID}

    • Default Datasource for RealTime Scan: This value is set to false by default. Set this value to true if you have more than one data source. In such scenarios, it is recommended that you identify one data source as the default data source, which will be used for real-time scanning.

    • Enable Folder Name Tagging: Turn on this toggle to include folder names during scanning and to tag the folders based on dictionary values.

    • Fast Track Data Zones List: Enter the list of fast track data zones. Ensure that the DISCOVERY_FASTTRACK_REALTIME_ENABLED property is enabled. For more information, see Discovery Properties.

    • Enable Auto Scan Real-Time: Enter true for Discovery to auto-scan in real time and not check the included resources.

      Note

      If Enable Auto Scan Real-Time is set to true, ensure that quarantine location, transfer location, and archive location are in the exclude resources to avoid re-scanning.

  4. Scroll down to the bottom of the screen and, under Add new properties, enter the following properties:

    SSL: If SSL is enabled for Dataserver, use the following properties.

    explorer_proxy_enable=true 
    explorer_proxy_host=dataserver 
    explorer_proxy_port=8282 
    explorer_proxy_protocol=https 
    explorer_protocol=http

    Non-SSL: If SSL is not enabled for Dataserver, use the following properties.

    explorer_proxy_enable=true 
    explorer_proxy_host=dataserver 
    explorer_proxy_port=8181 
    explorer_proxy_protocol=http 
    explorer_protocol=http
  5. Click Save.
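
Before pointing Google Credentials Local File Path at a key file, it is worth checking the file on the host: the page's example path is under /tmp, a directory shared by all local users. The following is an added example, not part of the Privacera documentation or product; the function names, the file name gcs-credential.json and the sample values are constructed for illustration. It checks the file's permissions, its parent directory, the service account key fields, and that project_id matches the Google Project Id entered for the data source.

```python
import json
import os
import stat
import tempfile

# Fields found in a service account key file downloaded from GCP.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def check_credential_file(path, expected_project_id):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    st = os.stat(path)
    # Anyone who can read the key file can act as the service account.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory is writable by group/other")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:
        return findings + [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return findings + ["top-level JSON value is not an object"]
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        findings.append("missing fields: " + ", ".join(missing))
    elif key["type"] != "service_account":
        findings.append(f"type is {key['type']!r}, expected 'service_account'")
    if key.get("project_id") != expected_project_id:
        findings.append("project_id differs from the data source's Google Project Id")
    return findings

def demo():
    """Check a constructed key file (placeholder values, not a real key)."""
    sample = dict.fromkeys(REQUIRED, "constructed-placeholder")
    sample.update(type="service_account", project_id="example-project")
    with tempfile.TemporaryDirectory() as workdir:  # created with mode 0700
        path = os.path.join(workdir, "gcs-credential.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # weak: readable by every local user
        weak = check_credential_file(path, "example-project")
        os.chmod(path, 0o600)  # corrected: owner only
        fixed = check_credential_file(path, "example-project")
        mismatch = check_credential_file(path, "other-project")
    return weak, fixed, mismatch
```

Calling demo() returns the findings for the 0644 file, the 0600 file, and the 0600 file checked against a different project ID.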

B) Using Project ID

A project ID is a unique ID assigned to a GCP project. The project ID is required in order to interact with resources in the project. Using this project ID, you can access the resources defined in the project and run Discovery scans on those resources.

To add a GCS data source with project ID, do the following:

  1. Under GCP, add a new Data Source, then select Google Cloud Storage.

  2. Enter the following:

    • Name: A name is provided by default. If required, enter a preferred name.

    • Description: Enter a suitable description.

    • Application Code: An application code is a unique identifier for a data source. A code is provided by default. If required, enter a preferred code. No two data sources can have the same application code.

  3. In the Application Properties section, add the following properties:

    • Credential Type: Select Google Credentials Local File Path from the drop-down list.

    • Google Credentials Local File Path: /tmp

    • Google Project Id: ${PROJECT_ID}

    • Privacera Configuration Bucket: gcs. Use the same bucket name you added in GCP Configuration.

    • Default Datasource for RealTime Scan: This value is set to false by default. Set this value to true if you have more than one data source. In such scenarios, it is recommended that you identify one data source as the default data source, which will be used for real-time scanning.

    • Fast Track Data Zones List: Enter the list of fast track data zones. Ensure that the DISCOVERY_FASTTRACK_REALTIME_ENABLED property is enabled. For more information, see Discovery Properties.

    • Enable Auto Scan Real-Time: Enter true for Discovery to auto-scan in real time and not check the included resources.

      Note

      If Enable Auto Scan Real-Time is set to true, ensure that quarantine location, transfer location, and archive location are in the exclude resources to avoid re-scanning.

  4. Click Save.

If you want to scan multiple resources, or resources from a different project, see Set up cross-project scanning on Privacera Platform.