Cloud Keys
Aithroyz deploys infrastructure into your own GCP, AWS, or Azure account. You need to provide a service account or access key with the right permissions before your first deployment.
Cloud credentials are stored encrypted in Aithroyz and are only used during plan apply and destroy operations. They are never logged or transmitted to third parties. You can rotate or revoke credentials at any time.
Supported providers
GCP
Supported
Service account JSON key with Compute Admin, DNS Admin, Service Account User, and Storage Admin roles. GCP us-east1 is the default region.
AWS
Coming soon
IAM user access key + secret with EC2, Route 53, and S3 permissions.
Azure
Coming soon
Service principal with Contributor role on the target subscription.
Adding a GCP key
1
Create a service account
In GCP Console → IAM → Service Accounts, create a new service account for Aithroyz.
2
Grant required roles
Assign: Compute Admin, DNS Admin, Service Account User, Storage Admin, and Cloud Run Invoker.
3
Download JSON key
Create a key for the service account and download the JSON file.
4
Upload to Aithroyz
In Settings → Cloud Keys, click Add Key, select GCP, and paste or upload the JSON.
⚠
Keep your service account key secure. Anyone with access to it can deploy infrastructure in your GCP project and incur charges. Rotate keys immediately if they are ever exposed.