Menu
Important
Stay updated on React2Shell
Click here

Connect to Google Cloud Platform (GCP)

Last updated October 27, 2025

Secure backend access with OIDC federation is available on all plans

To understand how GCP supports OIDC through Workload Identity Federation, consult the GCP documentation.

Configure your GCP project

  1. Configure a Workload Identity Federation

    1. Navigate to the Google Cloud Console
    2. Navigate to IAM & Admin then Workload Identity Federation
    3. Click on Create Pool

  2. Create an identity pool

    1. Enter a name for the pool, e.g.
    2. Enter an ID for the pool, e.g. and click Continue

  3. Add a provider to the identity pool

    1. Select from the provider types
    2. Enter a name for the provider, e.g.
    3. Enter an ID for the provider, e.g.
    4. Enter the Issuer URL, the URL will depend on the issuer mode setting:
      • Team: , replacing with the path from your Vercel team URL
      • Global:
    5. Leave JWK file (JSON) empty
    6. Select from "Audience"
    7. Enter in the "Audience 1" field and click "Continue"

  4. Configure the provider attributes

    1. Assign the mapping to
    2. Click Save

  5. Create a service account

    1. Copy the IAM Principal from the pool details page from the previous step. It should look like
    2. Navigate to IAM & Admin then Service Accounts
    3. Click on Create Service Account

  6. Enter the service account details

    1. Enter a name for the service account, e.g. .
    2. Enter an ID for the service account, e.g. and click Create and continue.

  7. Grant the service account access to the project

    1. Select a role or roles for the service account, e.g. .
    2. Click Continue.

  8. Grant users access to the service account

    1. Paste in the IAM Principal copied from the pool details page in the Service account users role field.
      • Replace with . e.g. .
      • You can add multiple principals to this field, add a principal for each project and environment you want to grant access to.
    2. Click Done.

  9. Define GCP account values as environment variables

    Once you have configured your GCP project with OIDC access, gather the following values from the Google Cloud Console:

    ValueLocationEnvironment VariableExample
    Project IDIAM & Admin -> Settings
    Project NumberIAM & Admin -> Settings
    Service Account EmailIAM & Admin -> Service Accounts
    Workload Identity Pool IDIAM & Admin -> Workload Identity Federation -> Pools
    Workload Identity Pool Provider IDIAM & Admin -> Workload Identity Federation -> Pools -> Providers

    Then, declare them as environment variables in your Vercel project.

    You are now ready to connect to your GCP resource from your project's code. Review the example below.

Example

In the following example, you create a Vercel function in the Vercel project where you have defined the GCP account environment variables. The function will connect to GCP using OIDC and use a specific resource provided by Google Cloud services.

Return GCP Vertex AI generated text

Install the following packages:

In the API route for this function, use the following code to perform the following tasks:

  • Use to create an External Account Client
  • Use it to authenticate with Google Cloud Services
  • Use Vertex AI with Google Vertex Provider to generate text from a prompt

Was this helpful?

supported.