GCP Project Id — the GCP project that owns the Vertex AI resources.
GCP Location — the region of the Vertex AI pipelines (e.g., us-central1).
Authentication methods
Service Account Key — Google Service Account Key (JSON, base64 or raw). Long-lived; rotate manually. Treat the JSON as a secret.
Application Default Credentials — resolves via the host environment's ADC chain. Convenient on GCP-hosted Polysync.
Workload Identity Federation ⭐ (recommended) — Google Workload Identity Provider, Google Service Account Email. Federates Polysync's Azure / AWS / OIDC identity into GCP, eliminating JSON keys.
Impersonated Service Account — Google Source Service Account Key (optional), Google Service Account Email. Useful for least-privilege delegation chains.
Permissions checklist
The chosen identity must hold Vertex AI User (roles/aiplatform.user) on the project (or a custom role with equivalent pipeline-run permissions).
For Workload Identity Federation, configure a Workload Identity Pool and Provider that trusts the Polysync host identity.