Google Cloud support is split into monitor types. Use GCP Cloud Logging for audit log streams, GCP Cloud Monitoring for alert policy incidents, and GCP Security Command Center for SCC findings.

Runtime credentials

Configure runtime credentials on the Google Cloud integration page before agents use GCP tools. These credentials let Clarion read audit logs, inspect IAM state, fetch SCC findings, and query Cloud Monitoring policy and metric context during triage. The runtime credential project can be different from the projects or SCC scopes you monitor. Clarion supports two runtime auth modes:
  • Keyless via Workload Identity Federation: recommended whenever Clarion’s central GCP bridge is configured. Guided setup provisions this by default and stores only non-secret metadata.
  • JSON service account key: fallback for local development or environments where WIF is not available. Clarion stores the private key encrypted.
Switching to WIF clears Clarion’s stored private key. It does not delete any existing service account keys in Google Cloud; delete remote keys after validating WIF if your organization no longer needs them.
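The cleanup described above, sketched as an added example (not Clarion's own code): it reads a key listing exported with `gcloud iam service-accounts keys list --format=json`, picks out the user-managed keys left in Google Cloud, and prints delete commands for review instead of running them. The service account, project, and key IDs are constructed placeholders.

```python
import json
import shlex

# Constructed sample shaped like the output of
#   gcloud iam service-accounts keys list --iam-account=<SA> --format=json
# The project, service account and key IDs are placeholders.
SA = "clarion-runtime@example-project.iam.gserviceaccount.com"
PREFIX = f"projects/example-project/serviceAccounts/{SA}/keys/"
SAMPLE_KEYS = json.dumps([
    {"name": PREFIX + "aaaa1111", "keyType": "USER_MANAGED",
     "validAfterTime": "2024-01-10T09:00:00Z"},
    {"name": PREFIX + "bbbb2222", "keyType": "SYSTEM_MANAGED",
     "validAfterTime": "2025-03-01T00:00:00Z"},
    {"name": PREFIX + "cccc3333", "keyType": "USER_MANAGED", "disabled": True,
     "validAfterTime": "2023-06-05T12:30:00Z"},
])


def leftover_user_keys(keys_json):
    """Return the user-managed keys in a key listing, oldest first."""
    found = []
    for key in json.loads(keys_json):
        # SYSTEM_MANAGED keys are created and rotated by Google. Only
        # USER_MANAGED keys are the kind a downloaded JSON key file holds.
        if key.get("keyType") != "USER_MANAGED":
            continue
        # name = projects/<project>/serviceAccounts/<email>/keys/<key id>
        parts = key["name"].split("/")
        found.append({
            "key_id": parts[5],
            "account": parts[3],
            "created": key.get("validAfterTime", ""),
            # A disabled key can be re-enabled, so it still needs deleting.
            "disabled": key.get("disabled", False),
        })
    return sorted(found, key=lambda k: k["created"])


def delete_commands(keys):
    """Build one gcloud delete command per key, for review before running."""
    return [
        "gcloud iam service-accounts keys delete "
        f"{shlex.quote(k['key_id'])} --iam-account={shlex.quote(k['account'])}"
        for k in keys
    ]


if __name__ == "__main__":
    for cmd in delete_commands(leftover_user_keys(SAMPLE_KEYS)):
        print(cmd)
```

Run the printed commands only after the WIF connection has been validated and no other workload still depends on the listed keys.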

Monitor options

  • GCP Cloud Logging: one monitor per GCP project. Use this for Admin Activity audit logs, IAM changes, service account key creation, compute launches, logging changes, storage, KMS, secrets, GKE, serverless, SQL, and network/perimeter changes.
  • GCP Cloud Monitoring: one monitor per GCP project. Use this for incidents from selected Cloud Monitoring alert policies.
  • GCP Security Command Center: one monitor per SCC organization, folder, or project scope and location. Use this for active SCC findings, including Event Threat Detection findings.
  1. Go to Integrations > Google Cloud.
  2. Click Connect and complete Google Cloud setup in the dialog.
  3. Open the Monitors section.
  4. Add a GCP Cloud Logging, GCP Cloud Monitoring, or GCP Security Command Center monitor.
  5. Use guided setup when available. It provisions keyless runtime auth on Vercel and grants the monitor-specific IAM roles. If you are developing locally, use JSON service account key mode.
See the monitor-specific guides for the exact setup fields: