# GCP Storage URL Signing

Google Cloud Storage URL Signing integration allows you to sign URLs for content stored in GCS buckets. Follow these steps:

#### **Step 1: Create a Service Account**

1. Follow [this guide](https://cloud.google.com/iam/docs/service-accounts-create) to create a service account in Google Cloud or use an existing account.
2. Assign the `roles/storage.objectViewer` role to the service account. This role allows read access to objects in your bucket.
3. Generate a key for the service account and download the JSON key file. You’ll need this file for the next steps.

#### **Step 2: Add Signing Information in Lasso**

1. Navigate to **Settings → Integrations** in Lasso.
2. Select **Google Cloud Storage** and provide the following details:
   * **Domain**: The domain where your content resides (e.g., `https://storage.googleapis.com/your-bucket`).
   * **Bucket**: The name of your bucket.
   * **Service Account Key**: Upload the JSON key file for the service account.
   * **TTL**: The time-to-live for the signed URL (minimum 15 minutes).
   * **Example URL**: Provide an example URL to validate your credentials.

#### **Step 3: Automatic Signing for Google Cloud Storage Content**

After completing the setup:

* All content originating from the specified **Domain** (e.g., `https://storage.googleapis.com/your-bucket`) will be signed automatically by Lasso when accessed.
* Lasso uses the provided **Service Account Key** to generate a secure, time-limited signed URL dynamically.
* This signed URL ensures secure access during analysis and dashboard display, without exposing your private content.
* Expired URLs are seamlessly regenerated as needed, requiring no manual intervention.