> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring A GCP Secret Manager

> Integrate Google Cloud Secret Manager with your Blink self-hosted runner for secure credential storage.

Blink enables seamless integration with a vault established within a customer's personalized environment, guaranteeing secure storage of connections within their controlled setting.

To configure a GCP Secret Manager you need to create a [Self-Hosted runner](/docs/blink-platform/runners/deploying-runner/deploying-self-hosted) with additional configuration, including the `CREDENTIALS` and `PROJECT_ID`.

<Steps>
  <Step title="Access Your Google Cloud Platform Account">
    Navigate to your "Google Cloud Platform" account.
  </Step>

  <Step title="Create a GCP IAM Service Account">
    Create a [GCP IAM Service Account](https://docs.blinkops.com/docs/integrations/gcp#creating-a-service-account) or navigate to your [GCP IAM Service Account](https://docs.blinkops.com/docs/integrations/gcp#creating-a-service-account) if you already have one.

    <Frame>
      <img src="https://mintcdn.com/blinkops-2/hCOHuAN1Lx4x4ZwJ/img/Runners/CreateServiceAccount.png?fit=max&auto=format&n=hCOHuAN1Lx4x4ZwJ&q=85&s=0584b612f9cae520d9bee2a0a4e506b8" width="3826" height="1904" data-path="img/Runners/CreateServiceAccount.png" />
    </Frame>
  </Step>

  <Step title="Assign Secret Manager Admin Role">
    Assign the "Secret Manager Admin" role to the service account.

    <Frame>
      <img src="https://mintcdn.com/blinkops-2/xyKLDJHFYJazyJhl/img/Runners/ServiceAccount.gif?s=26522bacaca3ccbf808d305ab4ec3161" width="2168" height="1080" data-path="img/Runners/ServiceAccount.gif" />
    </Frame>
  </Step>

  <Step title="Obtain the Service Account Credentials">
    Download and securely save the Service Account Credentials

    <Frame>
      <img src="https://mintcdn.com/blinkops-2/xyKLDJHFYJazyJhl/img/Runners/ServiceAccountCredentials.png?fit=max&auto=format&n=xyKLDJHFYJazyJhl&q=85&s=a51a9a156e5ad35cc9e72f708a2d1969" width="3830" height="1900" data-path="img/Runners/ServiceAccountCredentials.png" />
    </Frame>
  </Step>

  <Step title="Create a New Runner in the Blink Platform">
    Proceed to the Blink Platform and create a new [Runner](/docs/blink-platform/runners/runners) in your Workspace.

    <Frame>
      <img src="https://mintcdn.com/blinkops-2/xyKLDJHFYJazyJhl/img/Runners/Table.png?fit=max&auto=format&n=xyKLDJHFYJazyJhl&q=85&s=84fa0484a0bc8291082bcded683053c6" width="3068" height="726" data-path="img/Runners/Table.png" />
    </Frame>
  </Step>

  <Step title="Set the Runner Group as Default (Optional)">
    <p> Set new runner group as default for workspace. On the **Runners** page, click <Icon icon="square-ellipsis-vertical" iconType="solid" /> > **Set as default**.</p>
    OR
    Select the checkbox **Set as default** in **Add new runner group**.

    <Frame>
      <img src="https://mintcdn.com/blinkops-2/xyKLDJHFYJazyJhl/img/Runners/NewRunner.png?fit=max&auto=format&n=xyKLDJHFYJazyJhl&q=85&s=7ede4badbd7bd77acf6661ff8e27ccd2" width="1086" height="1104" data-path="img/Runners/NewRunner.png" />
    </Frame>
  </Step>

  <Step title="Copy the Runner Installation Command">
    To proceed, click on the 'Continue' button located in the bottom-right corner. This will prompt the opening of a dialogue box where you can access the command required to install the Runner in your environment. Simply copy this command to your clipboard by clicking on the icon positioned in the top-right corner.
  </Step>

  <Step title="Edit and Configure the Runner Command">
    Edit the command to add the environment variables you obtained when creating a Service Account: `GCP_SECRET_MANAGER_AUTH_TYPE`, `GCP_SECRET_MANAGER_CREDENTIALS`, `GCP_SECRET_MANAGER_PROJECT_ID` and `SECRET_MANAGER_TYPE`

    * [Docker](/docs/blink-platform/runners/deploying-runner/dockers-runner) example command:

    ```bash theme={"dark"}
    docker run -d --name blink-runner -e GCP_SECRET_MANAGER_AUTH_TYPE=credentials -e GCP_SECRET_MANAGER_CREDENTIALS=<credentials-json> -e SECRET_MANAGER_TYPE=gcp -e GCP_SECRET_MANAGER_PROJECT_ID=<project_id> -e CTRL_URL="https://app.blinkops.com"
    ```

    * [Kubernetes](/docs/blink-platform/runners/deploying-runner/kubernetes-runner) command example:

    ```bash theme={"dark"}
    helm install -n blink --create-namespace --set image.tag=<version> --set env.GCP_SECRET_MANAGER_AUTH_TYPE=credentials --set env.SECRET_MANAGER_TYPE=gcp --set-file env.GCP_SECRET_MANAGER_CREDENTIALS=<path-to-credentials-file> --set env.GCP_SECRET_MANAGER_PROJECT_ID=<project_id> --set config.runner.ctrl_url=https://app.blinkops.com
    ```
  </Step>

  <Step title="Start the Runner">
    Start the Runner to initiate access to secrets stored in GCP Secret Manager.
  </Step>
</Steps>