
Log in to FlakeHub from Google Cloud Platform (GCP)

Use GCP’s Identity and Access Management to log in to a FlakeHub organization and access private flakes and artifacts without managing tokens.

Security considerations

Authenticating to FlakeHub with a GCP Service Account currently grants read-only privileges to all sources and artifacts in the associated FlakeHub organization. FlakeHub only needs the Service Account’s email address to authenticate.

Setup

  1. First, identify the service account for your GCP resource. One way to do that is using the metadata API:
  2. Register the Service Account email, which looks like 123456789-compute@developer.gserviceaccount.com, under the “GCP IDs” section of your FlakeHub Organization’s settings. Give the trust relationship a short name, like dev/ephemeral-vm.
  3. Copy the trust relationship’s FRN, which looks like frn:flakehub:gcp-delegated:DeterminateSystems::dev/ephemeral-vm.
  4. Finally, run determinate-nixd login gcp --frn frn:flakehub:gcp-delegated:DeterminateSystems::dev/ephemeral-vm. Determinate is now authenticated with FlakeHub using the bound Service Account.
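
The steps above as a script, as an added example that is not part of the FlakeHub documentation: it reads the resource's service account email from the GCE metadata server, confirms that the identity and the FRN have the shapes shown in steps 2 and 3, and only then runs the login command. The function names are hypothetical, and the two format checks are inferred from this page's examples rather than from a published FlakeHub specification.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of FlakeHub or Determinate.

# GCE metadata endpoint for the email of the resource's default service account.
METADATA_URL="${METADATA_URL:-http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email}"

# Step 1: ask the metadata server which service account this resource runs as.
# The Metadata-Flavor header is mandatory; the server rejects requests without it.
fetch_sa_email() {
  curl --silent --show-error --fail --max-time 5 \
    -H 'Metadata-Flavor: Google' "$METADATA_URL"
}

# Accept only a single address under gserviceaccount.com (shape from step 2).
is_sa_email() {
  case "$1" in
    *[[:space:]]*|*@*@*) return 1 ;;
    ?*@?*.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Accept only gcp-delegated FRNs of the form shown in step 3 (assumed format).
is_gcp_frn() {
  case "$1" in
    *[[:space:]]*) return 1 ;;
    frn:flakehub:gcp-delegated:?*::?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Steps 1 and 4: verify the FRN, show the identity that must be registered, log in.
login_flakehub() {
  frn="$1"
  is_gcp_frn "$frn" || { echo "not a gcp-delegated FRN: $frn" >&2; return 2; }
  email="$(fetch_sa_email)" || { echo "metadata server unreachable" >&2; return 3; }
  is_sa_email "$email" || { echo "unexpected identity: $email" >&2; return 4; }
  echo "Running as $email; this address must be listed under GCP IDs." >&2
  determinate-nixd login gcp --frn "$frn"
}

# Only act when an FRN is passed on the command line.
if [ "$#" -gt 0 ]; then login_flakehub "$1"; fi
```

Because the trust relationship grants read access to every source and artifact in the organization, the printed email is worth comparing against the registered one before relying on the login in automation.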