Skip to main content

Linking Google Cloud Storage as a Source

This guide walks through connecting a Google Cloud Storage (GCS) bucket to Actioneer. The setup uses a GCP service account with read-only access scoped to your specific bucket.
  
  Prerequisites  Google Cloud project with a GCS bucket, Actioneer account
  Access granted  Read-only object access on specified bucket
  Estimated time  ~15 minutes
Actioneer cannot upload, overwrite, delete, or modify any files or bucket settings.
1

Note your GCS bucket name

  1. Sign in at console.cloud.google.com.
  2. In the left sidebar, open Cloud Storage → Buckets.
  3. Locate your bucket and copy the exact Bucket Name.
  Value  Location  Example
  Bucket Name  Cloud Storage → Buckets list  my-data-bucket
2

Create a service account and grant Storage roles

Actioneer authenticates using a GCP service account JSON key. This keeps credentials under your control.
  1. Open IAM & Admin → Service Accounts.
  2. Click Create Service Account.
  3. Name it something clear (e.g., actioneer-gcs-reader). Click Create and Continue.
  4. Assign one of the following roles:
  Role  Role ID  Purpose
  Storage Object Viewer  roles/storage.objectViewer  Read-only access to objects in the bucket
Storage Object Viewer is the only role required. It grants read-only access to objects and their metadata. Do not use Storage Object Admin — it adds unnecessary write and delete permissions that Actioneer does not need.
  1. Click Continue, then Done.
Download the JSON key
  1. On the Service Accounts page, click the account you just created.
  2. Go to the Keys tab → Add KeyCreate New Key.
  3. Select JSON and click Create. The key file downloads automatically.
Store this JSON key file securely. It grants read access to your GCS bucket. Do not commit it to version control or share it over unencrypted channels.
3

Connect Google Cloud Storage in Actioneer

  1. In Actioneer, click Data in the left sidebar.
  2. Select Google Cloud Storage from the list of data sources.
  3. When prompted, select Direct Connection.
  4. Complete the connection form:
  Field  Value
  Connection Name  A descriptive label, e.g. Production GCS Bucket
  Bucket Name  From Step 1 (e.g., my-data-bucket)
  Service Account JSON Key  Upload or drop the JSON key file from Step 2
  1. Click Connect.

Common questions

No. The Storage Object Viewer role grants read-only access to objects. Actioneer cannot upload, overwrite, delete, or modify any files or bucket settings.
All credentials are encrypted at rest with AES-256 and encrypted in transit with TLS 1.3. They are never stored in plain text or logged. Actioneer is SOC 2 Type II certified, ISO 27001 certified (audited by Schellman), and GDPR compliant.

Need a hand?

Stuck on a step or running into an error? Reach out at connect@actioneer.com.