# Set up a Google Cloud service account
This guide explains how to create a Google Cloud service account and generate credentials that allow Workato to access secrets in Google Secret Manager.
# Prerequisites
Ensure you have the following before you begin:
- An active Google Cloud project (GCP project) with billing enabled
- The following IAM permissions in your GCP project:
  - serviceusage.services.enable
  - iam.serviceAccounts.create
  - iam.serviceAccountKeys.create
  - resourcemanager.projects.setIamPolicy
# Enable the Secret Manager API
Complete the following steps to enable the Secret Manager API in your GCP project:
1. Sign in to the Google Cloud Console and select your project.
2. Go to APIs & Services > Library.
3. Search for and select Secret Manager API.
4. Click Enable.
# Create a service account
Complete the following steps to create a Google Cloud service account:
1. Go to IAM & Admin > Service Accounts.
2. Click Create Service Account.
3. Enter a descriptive Service account name. For example, Workato Secrets Manager. The Service account ID is auto-generated from the name.
4. Optionally, enter a Service account description. For example, Service account for Workato to access Secret Manager.
5. Click Create and continue.
# Assign the Secret Manager IAM role
Complete the following steps to grant the service account permission to access secrets in your project:
1. Click the Select a role drop-down menu in the Permissions section.
2. Search for and select Secret Manager Secret Accessor (roles/secretmanager.secretAccessor).
3. Click Continue.
4. Click Done to skip the optional Principals with access section.
# Create and download a service account key
Complete the following steps to generate a JSON key file that Workato uses to authenticate as the service account:
1. Locate the service account you just created on the Service Accounts page.
2. Click the service account email address to open its details.
3. Click the Keys tab.
4. Click Add Key > Create new key.
5. Select JSON as the key type.
6. Click Create.
The JSON key file downloads automatically. The file contains the credentials Workato needs to authenticate to Google Secret Manager, including project_id, private_key, and client_email. Store the file securely and restrict access.
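
A check for the downloaded key file before it is handed to Workato, as an added example that is not part of the original guide: it confirms that project_id, private_key, and client_email are present and that only the file owner can access the file. The function names, the constructed sample key, and the NAME@PROJECT_ID.iam.gserviceaccount.com address check are assumptions of this example.

```python
import json, os, stat, tempfile

REQUIRED = ("type", "project_id", "private_key", "client_email")

def audit_key_file(path):
    """Return a list of findings for a service account JSON key file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)  # POSIX permission bits
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o} allows access beyond the owner; chmod 600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:
        return findings + [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return findings + ["top-level JSON value is not an object"]
    findings += [f"missing field: {f}" for f in REQUIRED if not key.get(f)]
    if key.get("type") and key["type"] != "service_account":
        findings.append(f"type is {key['type']!r}, expected 'service_account'")
    pk = key.get("private_key")
    if pk and not str(pk).startswith("-----BEGIN PRIVATE KEY-----"):
        findings.append("private_key is not a PEM block")
    # Assumption: address has the form NAME@PROJECT_ID.iam.gserviceaccount.com
    email, project = str(key.get("client_email") or ""), key.get("project_id")
    if email and project and not email.endswith(f"@{project}.iam.gserviceaccount.com"):
        findings.append("client_email is not in project_id's domain; verify the key")
    return findings

def demo():
    """Audit a constructed key as downloaded (0644), then after chmod 600."""
    sample = {  # constructed sample, not a real credential
        "type": "service_account",
        "project_id": "example-project",
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
        "client_email": "workato-secrets-manager@example-project.iam.gserviceaccount.com",
    }
    fd, path = tempfile.mkstemp(suffix=".json")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # simulate a typical browser download mode
        before = audit_key_file(path)
        os.chmod(path, 0o600)  # owner read/write only
        return before, audit_key_file(path)
    finally:
        os.remove(path)

if __name__ == "__main__": print(demo())
```

The permission check relies on POSIX mode bits, so on Windows review the file's ACL instead.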
Last updated: 3/26/2026, 3:04:41 PM