Google Cloud Platform
The GCP integration connects HomeBase to Cloud Logging, Security Command Center, IAM, and Cloud Audit Logs — giving you unified visibility into your Google Cloud security posture.
What's ingested
- Security Command Center — vulnerabilities, misconfigurations, and active threats across GCP resources.
- Cloud Audit Logs — Admin Activity, Data Access, and System Event logs.
- Cloud Logging — forwarded log sinks for custom workloads and services.
- IAM — service accounts, role bindings, and policy changes.
Setup: Service account
1. Create a service account
bash
gcloud iam service-accounts create hld-homebase \
--display-name="HLD HomeBase Integration" \
--project=YOUR_PROJECT_ID2. Grant required roles
| Name | Type | Required | Description |
|---|---|---|---|
| roles/securitycenter.findingsViewer | IAM role | No | Read SCC findings. |
| roles/logging.viewer | IAM role | No | Read Cloud Logging. |
| roles/iam.securityReviewer | IAM role | No | Read IAM policies and bindings. |
bash
for ROLE in roles/securitycenter.findingsViewer roles/logging.viewer roles/iam.securityReviewer; do
gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
--member="serviceAccount:hld-homebase@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
--role="$ROLE"
done3. Create and download a key
bash
gcloud iam service-accounts keys create hld-key.json \
--iam-account=hld-homebase@YOUR_PROJECT_ID.iam.gserviceaccount.com4. Register the integration
bash
POST /v1/integrations
{
"type": "gcp",
"tenant_id": "ten_01hxyz",
"credentials": {
"service_account_key": { /* contents of hld-key.json */ }
},
"config": {
"project_ids": ["your-project-id"],
"ingest_scc": true,
"ingest_audit_logs": true
}
}Warning:Service account keys are long-lived credentials. Prefer Workload Identity Federation for production environments where possible. Contact HLD support for assistance setting up keyless authentication.