# GCP

## Overview

Connect GCP to Nullify for cloud-to-code traceability. The connector uses Workload Identity Federation (WIF) with OIDC — no long-lived service account keys, no secrets to manage.

## Key Benefits

* **Cloud-to-code mapping** — Tie vulnerabilities back to specific GCP projects, regions, and IaC definitions.
* **Blast-radius awareness** — Understand which services, identities, and networks are reachable from an exposed asset.
* **Multi-project coverage** — Operate across GCP organizations, folders, or individual projects.
* **Secure access** — Uses OIDC federation with per-tenant trust. No service account JSON keys.
* **Read-only** — Nullify cannot modify your environment, read object data, or access secret payloads.

## How It Works

1. Deploy the Nullify Terraform module in your GCP project. This creates a workload identity pool, a read-only service account, and IAM bindings.
2. Paste the `service_account_email` and `workload_identity_provider` outputs into the Nullify console.
3. Nullify validates the credentials and begins ingesting metadata for cloud exposure assessments.

Full setup instructions are documented in [Configuration](/connectors/gcp/configuration.md).
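One way to check the read-only property after step 1, as an added example (not code from Nullify or its Terraform module): it classifies the roles bound to the connector's service account in the JSON produced by `gcloud projects get-iam-policy PROJECT_ID --format=json`. The service account email, the sample policy, and the role-name heuristic are assumptions constructed for illustration, not Nullify's actual role list.

```python
import json

# Assumption: predefined roles whose name ends in one of these are metadata read-only.
READ_ONLY_SUFFIXES = ("viewer", "reader", "reviewer", "auditor")
# Predefined roles that read object data or secret payloads despite a "viewer"-style name.
DATA_READ_ROLES = {
    "roles/storage.objectViewer",
    "roles/secretmanager.secretAccessor",
    "roles/bigquery.dataViewer",
}

def audit_bindings(policy: dict, sa_email: str) -> dict:
    """Classify every role bound to sa_email in a project IAM policy document."""
    member = f"serviceAccount:{sa_email}"
    report = {"read_only": [], "data_access": [], "review": []}
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue  # binding belongs to other principals only
        role = binding.get("role", "")
        short = role.rsplit("/", 1)[-1].lower()
        if role in DATA_READ_ROLES:
            report["data_access"].append(role)
        elif role.startswith("roles/") and short.endswith(READ_ONLY_SUFFIXES):
            report["read_only"].append(role)
        else:
            # Write-capable predefined roles, and custom roles whose name
            # says nothing about the permissions they contain.
            report["review"].append(role)
    return report

# Constructed sample input; replace with the real gcloud JSON output.
SAMPLE_SA = "connector@example-project.iam.gserviceaccount.com"
_SA = f"serviceAccount:{SAMPLE_SA}"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/cloudasset.viewer", "members": [_SA]},
    {"role": "roles/iam.securityReviewer", "members": [_SA]},
    {"role": "roles/storage.objectViewer", "members": [_SA]},
    {"role": "roles/compute.admin", "members": [_SA, "user:alice@example.com"]},
    {"role": "projects/example-project/roles/connectorCustom", "members": [_SA]},
    {"role": "roles/editor", "members": ["user:alice@example.com"]},
]}

if __name__ == "__main__":
    print(json.dumps(audit_bindings(SAMPLE_POLICY, SAMPLE_SA), indent=2))
```

Anything under `data_access` or `review` warrants a look at the role's permissions before relying on the read-only guarantee; folder- and organization-level policies need the same check when the connector spans multiple projects.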

## Optional: Kubernetes Collector (GKE)

Deploy the Nullify k8s-collector to your GKE clusters for workload-level visibility (pods, services, deployments, ingresses).

1. Share your cluster's OIDC issuer URL with Nullify (one `gcloud` command).
2. Nullify returns a role ARN.
3. Deploy the Helm chart with the role ARN.

No GCP service account or Workload Identity binding required. See [Configuration](/connectors/gcp/configuration.md#kubernetes-collector-gke) for details.

## Support

* Implementation assistance: <support@nullify.ai>
* Terraform module: [nullify-cloud-connector](https://github.com/Nullify-Platform/nullify-cloud-connector/tree/main/gcp-integration-setup/terraform)

