doc: documentation updates for gcp app connection

Sheen Capadngan
2025-01-29 18:12:17 +08:00
parent 4db3e5d208
commit dacffbef08
3 changed files with 19 additions and 4 deletions

Binary file not shown. Before: 632 KiB. After: 645 KiB.

Binary file not shown. After: 306 KiB.


@@ -10,16 +10,21 @@ Infisical supports [service account impersonation](https://cloud.google.com/iam/
configuring your instance to use it.
<Steps>
<Step title="Enable the IAM Service Account Credentials API">
![Service Account API](/images/app-connections/gcp/service-account-credentials-api.png)
</Step>
<Step title="Navigate to IAM & Admin > Service Accounts in Google Cloud Console">
![Service Account Page](/images/app-connections/gcp/service-account-overview.png)
![Service Account IAM Page](/images/app-connections/gcp/service-account-overview.png)
</Step>
<Step title="Create a Service Account">
Create a new service account that will be used to impersonate other GCP service accounts for your app connections.
![Service Account Page](/images/app-connections/gcp/create-instance-service-account.png)
![Create Service Account Page](/images/app-connections/gcp/create-instance-service-account.png)
Press "DONE" after creating the service account.
</Step>
<Step title="Generate Service Account Key">
Download the JSON key file for your service account. This will be used to authenticate your instance with GCP.
![Service Account Page](/images/app-connections/gcp/create-service-account-credential.png)
![Service Account Credential Page](/images/app-connections/gcp/create-service-account-credential.png)
</Step>
<Step title="Configure Your Instance">
1. Copy the entire contents of the downloaded JSON key file.
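Review bot: The "Enable the IAM Service Account Credentials API" step at the top of this hunk contains only a screenshot and no instruction text, so a reader who cannot see the image is not told where or how to enable the API; add one sentence of instruction, as the "Create a Service Account" and "Generate Service Account Key" steps have. In "Generate Service Account Key", the text says the JSON key "will be used to authenticate your instance with GCP" but gives no handling guidance; a line noting that the downloaded file is a long-lived credential and should be deleted from the download location once it has been copied into the instance configuration would fit directly after that sentence.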
@@ -55,9 +60,19 @@ Infisical supports [service account impersonation](https://cloud.google.com/iam/
![Assign Service Account Permission](/images/app-connections/gcp/service-account-secret-sync-permission.png)
</Tab>
</Tabs>
After configuring the appropriate roles, press "DONE".
</Step>
<Step title="Enable Service Account Impersonation">
On the new service account, assign the `Service Account Token Creator` role to the Infisical instance's service account. This allows Infisical to impersonate the new service account.
To enable service account impersonation, you'll need to grant the **Service Account Token Creator** role to the Infisical instance's service account. This configuration allows Infisical to securely impersonate the new service account.
- Navigate to the IAM & Admin > Service Accounts section in your Google Cloud Console
- Select the newly created service account
- Click on the "PERMISSIONS" tab
- Click "Grant Access" to add a new principal
If you're using Infisical Cloud US, use the following service account: infisical-us@infisical-us.iam.gserviceaccount.com
If you're using Infisical Cloud EU, use the following service account: infisical-eu@infisical-eu.iam.gserviceaccount.com
![Service Account Page](/images/app-connections/gcp/service-account-grant-access.png)
</Step>
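Review bot: The bullet list in "Enable Service Account Impersonation" stops at "Click "Grant Access" to add a new principal" and never says to select the Service Account Token Creator role and save, nor which principal a self-hosted instance should enter (presumably the instance service account created in the earlier step); add those as bullets. The two "If you're using Infisical Cloud ..." lines sit on consecutive lines with no blank line or list marker, so they will likely render as a single paragraph; consider making them list items and wrapping the two service account emails in backticks so they are copied exactly. Because this role lets the principal mint tokens for the account, it is also worth stating explicitly that the grant is made on the newly created service account only, which the "Select the newly created service account" bullet implies but does not spell out.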