GCP Storage URL Signing

Google Cloud Storage URL Signing integration allows you to sign URLs for content stored in GCS buckets. Follow these steps:

Step 1: Create a Service Account

1. Follow this guide to create a service account in Google Cloud or use an existing account.

2. Assign the roles/storage.objectViewer role to the service account. This role allows read access to objects in your bucket.

3. Generate a key for the service account and download the JSON key file. You’ll need this file for the next steps.

Step 2: Add Signing Information in Lasso

1. Navigate to Settings → Integrations in Lasso.

2. Select Google Cloud Storage and provide the following details:

   • Domain: The domain where your content resides (e.g., https://storage.googleapis.com/your-bucket).

   • Bucket: The name of your bucket.

   • Service Account Key: Upload the JSON key file for the service account.

   • TTL: The time-to-live for the signed URL (minimum 15 minutes).

   • Example URL: Provide an example URL to validate your credentials.

Step 3: Automatic Signing for Google Cloud Storage Content

After completing the setup:

• All content originating from the specified Domain (e.g., https://storage.googleapis.com/your-bucket) will be signed automatically by Lasso when accessed.

• Lasso uses the provided Service Account Key to generate a secure, time-limited signed URL dynamically.

• This signed URL ensures secure access during analysis and dashboard display, without exposing your private content.

• Expired URLs are seamlessly regenerated as needed, requiring no manual intervention.