# GCP

### Secrets Management

StrongDM integrates with the GCP Secret Manager to allow your nodes to proxy access to resources using secrets that are added and maintained in your cloud-native secrets manager.

{% content-ref url="../../access/secret-stores/gcp-secret-manager" %}
[gcp-secret-manager](https://docs.strongdm.com/admin/access/secret-stores/gcp-secret-manager)
{% endcontent-ref %}

### Node Management

When configuring gateways or relays to proxy client traffic to resources, the GCP Nodes guide can be of use for setup.

{% content-ref url="../../networking/gateways-and-relays/gcp-nodes" %}
[gcp-nodes](https://docs.strongdm.com/admin/networking/gateways-and-relays/gcp-nodes)
{% endcontent-ref %}

### User Management

StrongDM provides an integration for SSO authentication with Google as well as user provisioning with Google.

{% content-ref url="../../principals/sso/google-oidc" %}
[google-oidc](https://docs.strongdm.com/admin/principals/sso/google-oidc)
{% endcontent-ref %}

{% content-ref url="../../principals/provisioning/google-provisioning" %}
[google-provisioning](https://docs.strongdm.com/admin/principals/provisioning/google-provisioning)
{% endcontent-ref %}

### Resources

Additionally, StrongDM offers proxied access to cloud resources using the following resource types.

#### Cloud Resources

* **GCP (Workforce Identity Federation)** - Proxy access to manage your Google Cloud via the CLI or through the web console using Workforce Identity Federation to authenticate. See the [GCP (Workforce Identity Federation) guide](https://docs.strongdm.com/admin/resources/clouds/gcp-wif) for more details.
* GCP CLI/SDK (Service Account) - Proxy access to your Google Cloud for service accounts via the CLI or SDKs. See the [GCP CLI/SDK (Service Account) guide](https://docs.strongdm.com/admin/resources/clouds/gcp) for more details.

#### Cluster Resources

When setting up Kubernetes, it's advisable to use a Helm chart and the Kubernetes (Pod Identity) resource type. If you're manually setting up a Kubernetes resource in the cloud, you can also use the Google-specific GKE resource type.

* [Deploy Kubernetes via the Helm chart](https://github.com/strongdm/charts/blob/main/deployments/sdm-relay/README.md)
* [Kubernetes (Pod Identity) resource guide](https://docs.strongdm.com/admin/resources/clusters/kubernetes-podidentity)
* [GKE resource guide](https://docs.strongdm.com/admin/resources/clusters/gke)

#### Server Resources

Any of StrongDM's SSH resource types (listed on the [servers](https://docs.strongdm.com/admin/resources/servers "mention") page) can be used to set up AWS server instances as resources in StrongDM.

#### Datasource Resources

A variety of StrongDM's datasource resource types can be used to support Cloud SQL and other GCP resource types, depending on the database protocol used (see the Datasources list to review the available resource types), and there is also a bespoke BigQuery resource type.

* [Datasource guides](https://docs.strongdm.com/admin/resources/datasources)
* [BigQuery](https://docs.strongdm.com/admin/resources/datasources/bigquery)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.strongdm.com/admin/deployment/integrations/gcp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.