Create a Google Cloud Platform connection to an Edge site

Available vaults

Tip 

You can use a vault to add your data source information to your Edge site connection. Vaults are not available for Collibra Cloud sites.	None AWS Secrets Manager Azure Key Vault CyberArk Vault Google Secret Manager HashiCorp Vault
	Select another vault I don't use a vault AWS Secrets Manager Azure Key Vault CyberArk Vault Google Secret Manager HashiCorp Vault

Before you begin

• You have created and installed an Edge site.
• You have the models you want to ingest evaluated and in your Google Vertex AI model registry.
• You have added a vault to your Edge site.

Required permissions

• You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.
• You have the Vertex AI Viewer role with the following Google Vertex AI permissions. For more information, go to the Google Vertex AI access control with IAM documentation.
  • aiplatform.models.list
  • aiplatform.modelEvaluations.list
  Note If your Vertex AI resources are in a different project than the service account that is configured for synchronizations, you must also have the following permission: resourcemanager.projects.get

Steps

1. Open a site.
   1. On the main toolbar, click → Settings.
      The Collibra settings page opens.
   2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of your sites.
   3. In the table, click the name of the site whose status is Healthy.
      The site page opens.
2. In the Connections section, click Create connection.
   The Create connection page appears.
3. Select the GCP connection to connect to Google Cloud Platform.
4. Enter the required information.

   Field	Description	Required
   Name	The name of the Edge connection for Google Cloud Platform.	Yes
   Description	The description of the connection.	No
   Vault	The vault where you store your data source values.	No
   Connection type	Important  Currently, only the Service Account authentication method is supported for this integration. The authentication method for your GCP connection. Select Service Account to use a Google service account for authentication.	Yes
   GCP Service Account / Workload Identity Federation (WIF)	Important  Currently, only the Service Account authentication method is supported for this integration. The account to connect to the GCP. Add the full content of the service account key JSON file. Example  { "type": "service_account", "project_id": "PROJECT_ID", "private_key_id": "KEY_ID", "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n", "client_email": "SERVICE_ACCOUNT_EMAIL", "client_id": "CLIENT_ID", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://accounts.google.com/o/oauth2/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"} Ensure the service account has the required permissions. For more information about service account keys, go to the Google documentation. How to use your vault... To use your vault, do the following: In the Value Type field, select Vault Key. Enter the query value to identify the secret in your vault. Example  To use your vault, do the following: In the Value Type field, select Vault Key. Enter the required information: Name Description Secret Engine Type Select one of the following: Key Value Database Engine Path The engine path to your vault where the value is stored. Secret Path The secret path to your vault where the value is stored. Field The name of the field to your vault where the value is stored. Note Only available if you selected Key Value in the Secret Engine Type field. Role The role specified in the Database engine. Note Only available if you selected Database in the Secret Engine Type field. Example  To use your vault, do the following: In the Value Type field, select Vault Key. Enter the required information: Name Description Vault Name The name of your Azure Key Vault in your Azure Key Vault service where the value is stored. Secret Name The name of the secret in your vault where the value is stored. Example  To use your vault, do the following: In the Value Type field, select Vault Key. Enter the required information: Name Description Secret Name The name of the secret in your vault where the value is stored. Field If the secret stored in your AWS Secrets Manager is a JSON value, for example {"pass1": "my-password", "pass2": "my-password2"}, then you need to specify the Field to point to the exact JSON value that should be used. For example, Secret Name: edge-db-customer; Field: pass. Note If the secret stored in your AWS Secrets Manager is a plain string value, for example my-password, then you do not need to specify the Field. Example  To use your vault, do the following: In the Value Type field, select Vault Key. Enter the name of the secret in your vault where the value is stored. Example	Yes
   Property	If your connection to GCP requires any additional parameters, click Add Property.	No

5. Click Create.
   The connection is added to the Edge site.