Skip to content

GCS HMAC Key Authorization

This article describes how to use HMAC keys to authorize GCS.

Step 1: Create a Service Account

  1. Log in to Google Cloud Console.
  2. Go to IAM & Admin > Service Accounts.
  3. Click Create Service Account.
  4. Fill in the name (e.g., guance-forward), click Create and Continue.
  5. The role step can be skipped (no authorization at the project level), click Done directly.

Step 2: Authorize the Bucket

  1. Go to Cloud Storage > Buckets > Select the target Bucket.
  2. Switch to the Permissions tab.
  3. Click Grant Access.
  4. Enter the email of the service account you just created.
  5. Select the role Storage Object Admin (or a custom role that includes storage.objects.create/get/list and storage.buckets.get).
  6. Save.

Step 3: Create HMAC Keys

  1. Go to Cloud Storage > Settings.
  2. Switch to the Interoperability tab.
  3. Find the Service account HMAC section.
  4. Click Create a key for a service account.
  5. Select the target service account, click Create key.
  6. Immediately save the displayed Access Key and Secret (they cannot be viewed again after closing).

Step 4: Configure in Guance

  1. Select Google Cloud GCS > HMAC Access Key.
  2. Fill in the Access Key and Secret Key.
  3. Fill in the region, bucket, and storage path.
  4. Test the connection.

Feedback

Is this page helpful? ×