Enable the Binary Authorization service (original) (raw)

Enable the Binary Authorization service

This page explains how to enable Binary Authorization in your deployer project.

You first create or select a project. You enable Binary Authorization in the Google Cloud project where you deploy containers. This is the same project where you run yoursupported platforms, such as Google Kubernetes Engine (GKE), Cloud Run, or Google Distributed Cloud.

To enable Binary Authorization, follow these steps:

1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
   Roles required to select or create a project
   • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
   • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.create permission. Learn how to grant roles.
     Go to project selector
3. Verify that billing is enabled for your Google Cloud project.
4. Enable the Binary Authorization API.
   Roles required to enable APIs
   To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.
   Enable the API
5. Install the Google Cloud CLI.
6. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
7. To initialize the gcloud CLI, run the following command:
   gcloud init

Binary Authorization is enabled. You can now set it up with your container management platform.

What's next

• Set up Binary Authorization continuous validation with GKE (Preview)
• Set up Binary Authorization enforcement with GKE
• Set up Binary Authorization with Cloud Run
• Set up Binary Authorization with Distributed Cloud

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-06-15 UTC.