Create and access an instance

Create a Secure Source Manager instance and access its web interface to prepare for creating repositories and granting users access.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. Install the Google Cloud CLI.

  3. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  4. To initialize the gcloud CLI, run the following command: 

    gcloud init

  5. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  6. Verify that billing is enabled for your Google Cloud project.

  7. Enable the Secure Source Manager API:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable securesourcemanager.googleapis.com

  8. Install the Google Cloud CLI.

  9. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  10. To initialize the gcloud CLI, run the following command: 

    gcloud init

  11. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  12. Verify that billing is enabled for your Google Cloud project.

  13. Enable the Secure Source Manager API:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable securesourcemanager.googleapis.com
  14. Install the beta Google Cloud CLI component: 
    gcloud components install beta

Required roles

To get the permissions that you need to create a Secure Source Manager instance, ask your administrator to grant you the Instance Owner (roles/securesourcemanager.instanceOwner) IAM role on the Google Cloud project.

Secure Source Manager roles don't appear in the Google Cloud console until they have been granted to a principal. To grant a Secure Source Manager role for the first time, see Grant and revoke IAM roles.

Create an instance

  1. Run the following command to create an instance named my-instance in the us-central1 location. You might be asked to authenticate to the gcloud CLI.

    gcloud beta source-manager instances create my-instance \
    --region=us-central1

    Where:

    • my-instance is the name of the instance.
    • us-central1 is the region where you are creating the instance.

    A long-running create instance operation starts. The output looks similar to the following:

    Create request issued for [my-instance].
done: false
metadata:
  '@type': type.googleapis.com/google.cloud.securesourcemanager.v1.OperationMetadata
  apiVersion: v1
  createTime: '2023-02-27T20:57:52.315609549Z'
  requestedCancellation: false
  target: projects/PROJECT_ID/locations/us-central1/instances/my-instance
  verb: create
name: projects/PROJECT_ID/locations/us-central1/operations/operation-1234567894561-5ec69948c0f2b-60dd727f-a9b97a2e

    Where:

    • projects/PROJECT_ID/locations/us-central1/operations/operation-1234567894561-5ec69948c0f2b-60dd727f-a9b97a2e is the OPERATION_NAME.
    • PROJECT_ID is your project ID.

    It takes up to 60 minutes to create the instance.

  2. Note the OPERATION_NAME as you will need to use it to check the status of the operation.

  3. Check the status of the create operation by running the following command:

    gcloud beta source-manager operations describe OPERATION_NAME \
    --region=us-central1

    Replace the following:

    • OPERATION_NAME with the operation name from your create command response.

    Once the instance is ready, the response will look similar to the following:

    {
"name": "projects/PROJECT_ID/locations/us-central1/operations/operation-123456789012-5ec69948c0f2b-60dd727f-a9b97a2e",
"metadata": {
  "@type": "type.googleapis.com/google.cloud.securesourcemanager.v1.OperationMetadata",
  "createTime": "2022-11-01T14:31:32.420469714Z",
  "endTime": "2022-11-01T14:48:34.140378114Z",
  "target": "projects/PROJECT_ID/locations/us-central1/instances/my-instance",
  "verb": "create",
  "requestedCancellation": false,
  "apiVersion": "v1"
},
"done": true,
"response": {
  "@type": "type.googleapis.com/google.cloud.securesourcemanager.v1.Instance",
  "name": "projects/PROJECT_ID/locations/us-central1/instances/my-instance",
  "createTime": "2022-11-01T14:31:32.416413630Z",
  "updateTime": "2022-11-01T14:31:32.416413630Z"
  },
  "state": "ACTIVE",
  "hostConfig": {
    "html": "my-instance-098765432109.us-central1.sourcemanager.dev",
    "api": "my-instance-098765432109-api.us-central1.sourcemanager.dev",
    "gitHttp": "my-instance-098765432109-git.us-central1.sourcemanager.dev"
  }
}
}

    Where:

    • my-instance-098765432109.us-central1.sourcemanager.dev is the instance HTML URL.
    • PROJECT_ID is your project ID.

  4. Copy the HTML URL from the successfully created check status command. You will need this URL to access the instance via web browser.

Access an instance

After the instance is created, you can access the instance via its web interface using a browser.

  1. To get the HTML URL for your instance, run the following command again:

       gcloud beta source-manager operations describe OPERATION_NAME \
    --region=us-central1

  2. Copy the HTML URL from the successful response from the gcloud beta source-manager operations describe command into your browser address bar.

  3. An Oauth 2.0 screen appears asking if you want to give sourcemanager.dev access to your Google Cloud account.

  4. Click the Allow button.

  5. The Secure Source Manager web interface opens. You can create and view repositories and all associated issues and pull requests from the web interface.

Clean up

To avoid incurring charges to your Google Cloud account for the resources used on this page, delete the Google Cloud project with the resources.

    Delete a Google Cloud project:

    gcloud projects delete PROJECT_ID

What's next