Connect GCP Account

Overview

To manage Google Cloud Platform (GCP) resources autonomously, CloudAIPilot uses a securely scoped Service Account. This allows the platform to orchestrate Compute Engine instances, VPC firewalls, and Kubernetes clusters without tying the infrastructure to a single human user.

Security & PQC Note

Your GCP Service Account JSON keys are encrypted at rest using Post-Quantum Cryptography (PQC) standards. Even in the event of a catastrophic classical cryptographic break, your cloud keys remain mathematically secure.

Step-by-Step Guide

Step 1: Create the Service Account

  1. Log in to the GCP Console.
  2. Navigate to IAM & Admin > Service Accounts.
  3. Click Create Service Account.
  4. Name it cloudaipilot-orchestrator.

Step 2: Assign Roles

To allow CloudAIPilot to function seamlessly without manual intervention, assign the following roles:

  • Compute Admin (for managing servers and disks).
  • Kubernetes Engine Admin (for upcoming GKE cluster orchestration).
  • Billing Account Viewer (required if you want the autonomous FinOps engine to detect waste).

Step 3: Generate Key and Connect

  1. Click into your new Service Account, go to the Keys tab, and click Add Key > Create new key.
  2. Select JSON and download the file.
  3. In the CloudAIPilot dashboard, go to Cloud Accounts > Add Account > GCP.
  4. Upload the JSON key file and click Connect.

Important: Once uploaded, CloudAIPilot encrypts the key immediately and deletes the plaintext JSON from memory. We recommend deleting the downloaded JSON file from your local machine.
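To check that the service account holds the roles from Step 2 and nothing broader, the following added example (not CloudAIPilot code) audits IAM policy JSON such as the output of gcloud projects get-iam-policy PROJECT_ID --format=json. It assumes the standard role IDs for the three roles named in Step 2; the project name and both sample policies are constructed for illustration.

```python
import json

# Role IDs for the roles named in Step 2.
REQUIRED = {"roles/compute.admin", "roles/container.admin"}
OPTIONAL = {"roles/billing.viewer"}  # only needed for the FinOps engine


def roles_for(policy, member):
    """Return the set of roles that one IAM policy grants to `member`."""
    return {
        b["role"]
        for b in policy.get("bindings", [])
        if member in b.get("members", [])
    }


def audit(policies, sa_email):
    """Compare the roles granted across several policies with Step 2."""
    member = f"serviceAccount:{sa_email}"
    granted = set()
    for policy in policies:
        granted |= roles_for(policy, member)
    return {
        "missing": sorted(REQUIRED - granted),
        "unexpected": sorted(granted - REQUIRED - OPTIONAL),
        "finops_enabled": "roles/billing.viewer" in granted,
    }


# Constructed sample data: hypothetical project and policies.
SA = "cloudaipilot-orchestrator@example-project.iam.gserviceaccount.com"
SAMPLE_PROJECT_POLICY = {
    "bindings": [
        {"role": "roles/compute.admin", "members": [f"serviceAccount:{SA}"]},
        # Drift: a broad role added later that Step 2 never asked for.
        {"role": "roles/owner", "members": [f"serviceAccount:{SA}"]},
        # Granted to a human user only, so the service account lacks it.
        {"role": "roles/container.admin", "members": ["user:admin@example.com"]},
    ]
}
SAMPLE_BILLING_POLICY = {
    "bindings": [
        {"role": "roles/billing.viewer", "members": [f"serviceAccount:{SA}"]}
    ]
}

if __name__ == "__main__":
    report = audit([SAMPLE_PROJECT_POLICY, SAMPLE_BILLING_POLICY], SA)
    print(json.dumps(report, indent=2))
```

Pass both the project policy and the billing account policy, because Billing Account Viewer is granted on the billing account and does not appear in the project's bindings.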

