astroctl_cloud_gcp_selfHosted_connect

astroctl cloud gcp selfHosted connect

Store your own GCP credentials in the platform vault

Synopsis

Store your GCP service account key in the platform's encrypted vault so the platform can access your GCP project for cluster provisioning.

Use this when you bring your own service account (BYOC) instead of using 'setup' which creates everything automatically.

This command:

1. Validates credentials (project access, required APIs, IAM roles)
2. Checks GCS state store bucket accessibility
3. Stores the SA key in the encrypted vault
4. Outputs a cluster YAML snippet with credentials.type: vault

Credentials must be provided explicitly via --credentials flag. Environment variables are NOT used — connect stores credentials in the vault, so you must deliberately provide the service account key created by setup.

astroctl cloud gcp selfHosted connect [flags]

Examples

  # Check vault status
  astroctl cloud gcp selfHosted connect --cluster-name prod

  # Connect with service account key file
  astroctl cloud gcp selfHosted connect --project-id my-proj --region us-central1 \
      --credentials /path/to/key.json --cluster-name prod

  # Connect with key file from setup
  astroctl cloud gcp selfHosted connect --project-id my-proj --region us-central1 \
      --credentials ~/.astropulse/credentials/my-proj.json --cluster-name prod

Options

      --cluster-name string   Cluster name (required)
      --credentials string    Path to GCP service account JSON key
  -h, --help                  help for connect
      --project-id string     GCP project ID (required for BYOC)
      --region string         GCP region (required for BYOC)

Options inherited from parent commands

  -o, --output string   Output format (json|yaml) (default "yaml")

SEE ALSO

• astroctl cloud gcp selfHosted - Self-hosted cluster prerequisite management