CybeDefend Configuration
| Field | Description | Example |
|---|---|---|
| GCP Project ID | Your Google Cloud project ID | my-gcp-project-123 |
| Registry Hostname | GCR hostname for your region | gcr.io (Global/US) |
| Service Account Key (JSON) | Full JSON content of service account key | {"type": "service_account", ...} |
Available Registry Hostnames
| Hostname | Region |
|---|---|
gcr.io | Global / United States |
us.gcr.io | United States |
eu.gcr.io | Europe |
asia.gcr.io | Asia |
How to Create a Service Account Key in GCP
1
Access GCP Console
Go to GCP Console → IAM & Admin → Service Accounts
2
Create or Select Account
Create a new service account or select an existing one
3
Assign Role
Grant the role Storage Object Viewer (read access) or Storage Admin (read/write)
4
Create Key
Create a new key in JSON format and download it
5
Paste JSON Content
Paste the complete JSON content in CybeDefend
Security Best Practices
Least Privilege
Use
Storage Object Viewer role for read-only access to images.Rotate Keys
Rotate service account keys regularly to minimize security risks.
Use Workload Identity
Prefer Workload Identity over service account keys when possible.
Audit Access
Enable Cloud Audit Logs for monitoring and compliance.
Troubleshooting
Authentication Failed
Authentication Failed
- Verify the JSON key is valid and complete
- Check if the service account has been deleted or disabled
- Ensure the project ID matches your registry
Permission Denied
Permission Denied
- Verify the service account has
Storage Object Viewerrole - Check if Container Registry API is enabled