Regulatory support in Cloud Build

This document describes the features, configurations and APIs in Cloud Build that align with the controls for supported control packages. This document assumes that you're using Assured Workloads.

Data Boundary for ITAR

Supported services

The following table lists the Cloud Build APIs and versions that meet the requirements of Data Boundary for ITAR.

Service Version Status
cloudbuild.googleapis.com v1 SUPPORTED
cloudbuild.googleapis.com v2 SUPPORTED

Compliance supported regions

Cloud Build is available for Data Boundary for ITAR in the following Google Cloud regions:

  • us-central1
  • us-central2
  • us-east1
  • us-east4
  • us-east5
  • us-south1
  • us-west1
  • us-west2
  • us-west3
  • us-west4

API fields for sensitive data

Resource: No resource

The following table specifies the API resources and fields that are designed to handle data that is protected under Data Boundary for ITAR.

API Method Protected fields

Service: cloudbuild.googleapis.com

REST API: POST /v1/appmanifest:constructAppManifest

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.ConstructAppManifest
  • apiKey
  • hostUrl
  • sslCa

Service: cloudbuild.googleapis.com

REST API: POST /v1/{parent=projects/*/locations/*}/appmanifest:constructAppManifest

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.ConstructAppManifest
  • apiKey
  • hostUrl
  • sslCa

Resource: cloudbuild.googleapis.com/Build

The following table specifies the API resources and fields that are designed to handle data that is protected under Data Boundary for ITAR.

API Method Protected fields

Service: cloudbuild.googleapis.com

REST API: GET /v1/projects/{project_id}/builds

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.ListBuilds
  • filter

Service: cloudbuild.googleapis.com

REST API: GET /v1/{parent=projects/*/locations/*}/builds

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.ListBuilds
  • filter

Service: cloudbuild.googleapis.com

REST API: POST /v1/projects/{project_id}/builds

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.CreateBuild
  • build.artifacts.genericArtifacts.contentHandling
  • build.artifacts.genericArtifacts.folder
  • build.artifacts.genericArtifacts.registryPath
  • build.artifacts.goModules.modulePath
  • build.artifacts.goModules.moduleVersion
  • build.artifacts.goModules.sourcePath
  • build.artifacts.images
  • build.artifacts.mavenArtifacts.artifactId
  • build.artifacts.mavenArtifacts.deployFolder
  • build.artifacts.mavenArtifacts.groupId
  • build.artifacts.mavenArtifacts.path
  • build.artifacts.mavenArtifacts.pomPath
  • build.artifacts.mavenArtifacts.version
  • build.artifacts.npmPackages.archive
  • build.artifacts.npmPackages.packagePath
  • build.artifacts.npmPackages.repository
  • build.artifacts.objects.location
  • build.artifacts.objects.paths
  • build.artifacts.oci.file
  • build.artifacts.oci.registryPath
  • build.artifacts.oci.tags
  • build.artifacts.pythonPackages.paths
  • build.artifacts.testResults.bucketUri
  • build.artifacts.testResults.format
  • build.artifacts.testResults.paths
  • build.artifacts.volumes.name
  • build.artifacts.volumes.path
  • build.availableSecrets.inline.envMap.key
  • build.availableSecrets.inline.envMap.value
  • build.availableSecrets.inline.kmsKeyName
  • build.availableSecrets.secretManager.env
  • build.availableSecrets.secretManager.versionName
  • build.buildReceipt.workerDiagnostics.identityEndpointSuccesses
  • build.dependencies.empty
  • build.dependencies.genericArtifact.destPath
  • build.dependencies.genericArtifact.resource
  • build.dependencies.gitSource.depth
  • build.dependencies.gitSource.destPath
  • build.dependencies.gitSource.recurseSubmodules
  • build.dependencies.gitSource.repository.developerConnect
  • build.dependencies.gitSource.repository.proxyUrlEnabled
  • build.dependencies.gitSource.repository.url
  • build.dependencies.gitSource.revision
  • build.gitConfig.http.proxySecretVersionName
  • build.gitConfig.http.sslCaInfo
  • build.images
  • build.logsBucket
  • build.options.env
  • build.options.secretEnv
  • build.options.volumes.name
  • build.options.volumes.path
  • build.secrets.kmsKeyName
  • build.secrets.secretEnv.key
  • build.secrets.secretEnv.value
  • build.serviceAccount
  • build.source.buildConfigFileName
  • build.source.connectedRepository.dir
  • build.source.connectedRepository.repository
  • build.source.connectedRepository.revision
  • build.source.developerConnectConfig.dir
  • build.source.developerConnectConfig.gitRepositoryLink
  • build.source.developerConnectConfig.revision
  • build.source.gitSource.commitSha
  • build.source.gitSource.dir
  • build.source.gitSource.revision
  • build.source.gitSource.url
  • build.source.repoSource.branchName
  • build.source.repoSource.commitSha
  • build.source.repoSource.dir
  • build.source.repoSource.invertRegex
  • build.source.repoSource.projectId
  • build.source.repoSource.repoName
  • build.source.repoSource.substitutions.key
  • build.source.repoSource.substitutions.value
  • build.source.repoSource.tagName
  • build.source.storageSource.bucket
  • build.source.storageSource.generation
  • build.source.storageSource.object
  • build.source.storageSource.sourceFetcher
  • build.source.storageSource.stripComponents
  • build.source.storageSourceManifest.bucket
  • build.source.storageSourceManifest.generation
  • build.source.storageSourceManifest.object
  • build.steps.args
  • build.steps.dir
  • build.steps.entrypoint
  • build.steps.env
  • build.steps.id
  • build.steps.name
  • build.steps.remoteConfig
  • build.steps.results.attestationContent
  • build.steps.results.attestationType
  • build.steps.results.name
  • build.steps.script
  • build.steps.secretEnv
  • build.steps.volumes.name
  • build.steps.volumes.path
  • build.steps.waitFor
  • build.substitutions.key
  • build.substitutions.value
  • build.tags

Service: cloudbuild.googleapis.com

REST API: POST /v1/{name=projects/*/builds/*}:approve

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.ApproveBuild
  • approvalResult.comment
  • approvalResult.url

Service: cloudbuild.googleapis.com

REST API: POST /v1/{name=projects/*/locations/*/builds/*}:approve

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.ApproveBuild
  • approvalResult.comment
  • approvalResult.url

Service: cloudbuild.googleapis.com

REST API: POST /v1/{parent=projects/*/locations/*}/builds

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.CreateBuild
  • build.artifacts.genericArtifacts.contentHandling
  • build.artifacts.genericArtifacts.folder
  • build.artifacts.genericArtifacts.registryPath
  • build.artifacts.goModules.modulePath
  • build.artifacts.goModules.moduleVersion
  • build.artifacts.goModules.sourcePath
  • build.artifacts.images
  • build.artifacts.mavenArtifacts.artifactId
  • build.artifacts.mavenArtifacts.deployFolder
  • build.artifacts.mavenArtifacts.groupId
  • build.artifacts.mavenArtifacts.path
  • build.artifacts.mavenArtifacts.pomPath
  • build.artifacts.mavenArtifacts.version
  • build.artifacts.npmPackages.archive
  • build.artifacts.npmPackages.packagePath
  • build.artifacts.npmPackages.repository
  • build.artifacts.objects.location
  • build.artifacts.objects.paths
  • build.artifacts.oci.file
  • build.artifacts.oci.registryPath
  • build.artifacts.oci.tags
  • build.artifacts.pythonPackages.paths
  • build.artifacts.testResults.bucketUri
  • build.artifacts.testResults.format
  • build.artifacts.testResults.paths
  • build.artifacts.volumes.name
  • build.artifacts.volumes.path
  • build.availableSecrets.inline.envMap.key
  • build.availableSecrets.inline.envMap.value
  • build.availableSecrets.inline.kmsKeyName
  • build.availableSecrets.secretManager.env
  • build.availableSecrets.secretManager.versionName
  • build.buildReceipt.workerDiagnostics.identityEndpointSuccesses
  • build.dependencies.empty
  • build.dependencies.genericArtifact.destPath
  • build.dependencies.genericArtifact.resource
  • build.dependencies.gitSource.depth
  • build.dependencies.gitSource.destPath
  • build.dependencies.gitSource.recurseSubmodules
  • build.dependencies.gitSource.repository.developerConnect
  • build.dependencies.gitSource.repository.proxyUrlEnabled
  • build.dependencies.gitSource.repository.url
  • build.dependencies.gitSource.revision
  • build.gitConfig.http.proxySecretVersionName
  • build.gitConfig.http.sslCaInfo
  • build.images
  • build.logsBucket
  • build.options.env
  • build.options.secretEnv
  • build.options.volumes.name
  • build.options.volumes.path
  • build.secrets.kmsKeyName
  • build.secrets.secretEnv.key
  • build.secrets.secretEnv.value
  • build.serviceAccount
  • build.source.buildConfigFileName
  • build.source.connectedRepository.dir
  • build.source.connectedRepository.repository
  • build.source.connectedRepository.revision
  • build.source.developerConnectConfig.dir
  • build.source.developerConnectConfig.gitRepositoryLink
  • build.source.developerConnectConfig.revision
  • build.source.gitSource.commitSha
  • build.source.gitSource.dir
  • build.source.gitSource.revision
  • build.source.gitSource.url
  • build.source.repoSource.branchName
  • build.source.repoSource.commitSha
  • build.source.repoSource.dir
  • build.source.repoSource.invertRegex
  • build.source.repoSource.projectId
  • build.source.repoSource.repoName
  • build.source.repoSource.substitutions.key
  • build.source.repoSource.substitutions.value
  • build.source.repoSource.tagName
  • build.source.storageSource.bucket
  • build.source.storageSource.generation
  • build.source.storageSource.object
  • build.source.storageSource.sourceFetcher
  • build.source.storageSource.stripComponents
  • build.source.storageSourceManifest.bucket
  • build.source.storageSourceManifest.generation
  • build.source.storageSourceManifest.object
  • build.steps.args
  • build.steps.dir
  • build.steps.entrypoint
  • build.steps.env
  • build.steps.id
  • build.steps.name
  • build.steps.remoteConfig
  • build.steps.results.attestationContent
  • build.steps.results.attestationType
  • build.steps.results.name
  • build.steps.script
  • build.steps.secretEnv
  • build.steps.volumes.name
  • build.steps.volumes.path
  • build.steps.waitFor
  • build.substitutions.key
  • build.substitutions.value
  • build.tags

Resource: cloudbuild.googleapis.com/BuildTrigger

The following table specifies the API resources and fields that are designed to handle data that is protected under Data Boundary for ITAR.

API Method Protected fields

Service: cloudbuild.googleapis.com

REST API: PATCH /v1/projects/{project_id}/triggers/{trigger_id}

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.UpdateBuildTrigger
  • trigger.baseImage.imageName
  • trigger.bitbucketServerTriggerConfig.pullRequest.branch
  • trigger.bitbucketServerTriggerConfig.push.branch
  • trigger.bitbucketServerTriggerConfig.push.tag
  • trigger.build.artifacts.genericArtifacts.contentHandling
  • trigger.build.artifacts.genericArtifacts.folder
  • trigger.build.artifacts.genericArtifacts.registryPath
  • trigger.build.artifacts.goModules.modulePath
  • trigger.build.artifacts.goModules.moduleVersion
  • trigger.build.artifacts.goModules.sourcePath
  • trigger.build.artifacts.images
  • trigger.build.artifacts.mavenArtifacts.artifactId
  • trigger.build.artifacts.mavenArtifacts.deployFolder
  • trigger.build.artifacts.mavenArtifacts.groupId
  • trigger.build.artifacts.mavenArtifacts.path
  • trigger.build.artifacts.mavenArtifacts.pomPath
  • trigger.build.artifacts.mavenArtifacts.version
  • trigger.build.artifacts.npmPackages.archive
  • trigger.build.artifacts.npmPackages.packagePath
  • trigger.build.artifacts.npmPackages.repository
  • trigger.build.artifacts.objects.location
  • trigger.build.artifacts.objects.paths
  • trigger.build.artifacts.oci.file
  • trigger.build.artifacts.oci.registryPath
  • trigger.build.artifacts.oci.tags
  • trigger.build.artifacts.pythonPackages.paths
  • trigger.build.artifacts.testResults.bucketUri
  • trigger.build.artifacts.testResults.format
  • trigger.build.artifacts.testResults.paths
  • trigger.build.artifacts.volumes.name
  • trigger.build.artifacts.volumes.path
  • trigger.build.availableSecrets.inline.envMap.key
  • trigger.build.availableSecrets.inline.envMap.value
  • trigger.build.availableSecrets.inline.kmsKeyName
  • trigger.build.availableSecrets.secretManager.env
  • trigger.build.availableSecrets.secretManager.versionName
  • trigger.build.buildReceipt.workerDiagnostics.identityEndpointSuccesses
  • trigger.build.dependencies.empty
  • trigger.build.dependencies.genericArtifact.destPath
  • trigger.build.dependencies.genericArtifact.resource
  • trigger.build.dependencies.gitSource.depth
  • trigger.build.dependencies.gitSource.destPath
  • trigger.build.dependencies.gitSource.recurseSubmodules
  • trigger.build.dependencies.gitSource.repository.developerConnect
  • trigger.build.dependencies.gitSource.repository.proxyUrlEnabled
  • trigger.build.dependencies.gitSource.repository.url
  • trigger.build.dependencies.gitSource.revision
  • trigger.build.gitConfig.http.proxySecretVersionName
  • trigger.build.gitConfig.http.sslCaInfo
  • trigger.build.images
  • trigger.build.logsBucket
  • trigger.build.options.env
  • trigger.build.options.secretEnv
  • trigger.build.options.volumes.name
  • trigger.build.options.volumes.path
  • trigger.build.secrets.kmsKeyName
  • trigger.build.secrets.secretEnv.key
  • trigger.build.secrets.secretEnv.value
  • trigger.build.serviceAccount
  • trigger.build.source.buildConfigFileName
  • trigger.build.source.connectedRepository.dir
  • trigger.build.source.connectedRepository.repository
  • trigger.build.source.connectedRepository.revision
  • trigger.build.source.developerConnectConfig.dir
  • trigger.build.source.developerConnectConfig.gitRepositoryLink
  • trigger.build.source.developerConnectConfig.revision
  • trigger.build.source.gitSource.commitSha
  • trigger.build.source.gitSource.dir
  • trigger.build.source.gitSource.revision
  • trigger.build.source.gitSource.url
  • trigger.build.source.repoSource.branchName
  • trigger.build.source.repoSource.commitSha
  • trigger.build.source.repoSource.dir
  • trigger.build.source.repoSource.invertRegex
  • trigger.build.source.repoSource.projectId
  • trigger.build.source.repoSource.repoName
  • trigger.build.source.repoSource.substitutions.key
  • trigger.build.source.repoSource.substitutions.value
  • trigger.build.source.repoSource.tagName
  • trigger.build.source.storageSource.bucket
  • trigger.build.source.storageSource.generation
  • trigger.build.source.storageSource.object
  • trigger.build.source.storageSource.sourceFetcher
  • trigger.build.source.storageSource.stripComponents
  • trigger.build.source.storageSourceManifest.bucket
  • trigger.build.source.storageSourceManifest.generation
  • trigger.build.source.storageSourceManifest.object
  • trigger.build.steps.args
  • trigger.build.steps.dir
  • trigger.build.steps.entrypoint
  • trigger.build.steps.env
  • trigger.build.steps.id
  • trigger.build.steps.name
  • trigger.build.steps.remoteConfig
  • trigger.build.steps.results.attestationContent
  • trigger.build.steps.results.attestationType
  • trigger.build.steps.results.name
  • trigger.build.steps.script
  • trigger.build.steps.secretEnv
  • trigger.build.steps.volumes.name
  • trigger.build.steps.volumes.path
  • trigger.build.steps.waitFor
  • trigger.build.substitutions.key
  • trigger.build.substitutions.value
  • trigger.build.tags
  • trigger.cloudCode.codeReview.branch
  • trigger.cloudCode.project
  • trigger.cloudCode.repo
  • trigger.description
  • trigger.developerConnectEventConfig.gitRepositoryLink
  • trigger.developerConnectEventConfig.pullRequest.branch
  • trigger.developerConnectEventConfig.pullRequest.commentControl
  • trigger.developerConnectEventConfig.pullRequest.invertRegex
  • trigger.developerConnectEventConfig.push.branch
  • trigger.developerConnectEventConfig.push.invertRegex
  • trigger.developerConnectEventConfig.push.tag
  • trigger.dir
  • trigger.eventType
  • trigger.filename
  • trigger.gitFileSource.bitbucketServerConfig
  • trigger.gitFileSource.githubEnterpriseConfig
  • trigger.gitFileSource.path
  • trigger.gitFileSource.repoType
  • trigger.gitFileSource.repository
  • trigger.gitFileSource.revision
  • trigger.gitFileSource.uri
  • trigger.github.pullRequest.branch
  • trigger.github.push.branch
  • trigger.github.push.tag
  • trigger.gitlabEnterpriseEventsConfig.pullRequest.branch
  • trigger.gitlabEnterpriseEventsConfig.push.branch
  • trigger.gitlabEnterpriseEventsConfig.push.tag
  • trigger.gitlabEventsConfig.pullRequest.branch
  • trigger.gitlabEventsConfig.push.branch
  • trigger.gitlabEventsConfig.push.tag
  • trigger.ignoredFiles
  • trigger.includeBuildLogs
  • trigger.includedFiles
  • trigger.internalAnnotations.tags
  • trigger.name
  • trigger.repositoryEventConfig.pullRequest.branch
  • trigger.repositoryEventConfig.pullRequest.commentControl
  • trigger.repositoryEventConfig.pullRequest.invertRegex
  • trigger.repositoryEventConfig.push.branch
  • trigger.repositoryEventConfig.push.invertRegex
  • trigger.repositoryEventConfig.push.tag
  • trigger.repositoryEventConfig.repository
  • trigger.serviceAccount
  • trigger.sourceToBuild.bitbucketServerConfig
  • trigger.sourceToBuild.githubEnterpriseConfig
  • trigger.sourceToBuild.ref
  • trigger.sourceToBuild.repoType
  • trigger.sourceToBuild.repository
  • trigger.sourceToBuild.uri
  • trigger.substitutions.key
  • trigger.substitutions.value
  • trigger.tags
  • trigger.triggerTemplate.branchName
  • trigger.triggerTemplate.commitSha
  • trigger.triggerTemplate.dir
  • trigger.triggerTemplate.invertRegex
  • trigger.triggerTemplate.repoName
  • trigger.triggerTemplate.substitutions.key
  • trigger.triggerTemplate.substitutions.value
  • trigger.triggerTemplate.tagName
  • trigger.uri
  • trigger.webhookConfig.secret

Service: cloudbuild.googleapis.com

REST API: PATCH /v1/{trigger.resource_name=projects/*/locations/*/triggers/*}

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.UpdateBuildTrigger
  • trigger.baseImage.imageName
  • trigger.bitbucketServerTriggerConfig.pullRequest.branch
  • trigger.bitbucketServerTriggerConfig.push.branch
  • trigger.bitbucketServerTriggerConfig.push.tag
  • trigger.build.artifacts.genericArtifacts.contentHandling
  • trigger.build.artifacts.genericArtifacts.folder
  • trigger.build.artifacts.genericArtifacts.registryPath
  • trigger.build.artifacts.goModules.modulePath
  • trigger.build.artifacts.goModules.moduleVersion
  • trigger.build.artifacts.goModules.sourcePath
  • trigger.build.artifacts.images
  • trigger.build.artifacts.mavenArtifacts.artifactId
  • trigger.build.artifacts.mavenArtifacts.deployFolder
  • trigger.build.artifacts.mavenArtifacts.groupId
  • trigger.build.artifacts.mavenArtifacts.path
  • trigger.build.artifacts.mavenArtifacts.pomPath
  • trigger.build.artifacts.mavenArtifacts.version
  • trigger.build.artifacts.npmPackages.archive
  • trigger.build.artifacts.npmPackages.packagePath
  • trigger.build.artifacts.npmPackages.repository
  • trigger.build.artifacts.objects.location
  • trigger.build.artifacts.objects.paths
  • trigger.build.artifacts.oci.file
  • trigger.build.artifacts.oci.registryPath
  • trigger.build.artifacts.oci.tags
  • trigger.build.artifacts.pythonPackages.paths
  • trigger.build.artifacts.testResults.bucketUri
  • trigger.build.artifacts.testResults.format
  • trigger.build.artifacts.testResults.paths
  • trigger.build.artifacts.volumes.name
  • trigger.build.artifacts.volumes.path
  • trigger.build.availableSecrets.inline.envMap.key
  • trigger.build.availableSecrets.inline.envMap.value
  • trigger.build.availableSecrets.inline.kmsKeyName
  • trigger.build.availableSecrets.secretManager.env
  • trigger.build.availableSecrets.secretManager.versionName
  • trigger.build.buildReceipt.workerDiagnostics.identityEndpointSuccesses
  • trigger.build.dependencies.empty
  • trigger.build.dependencies.genericArtifact.destPath
  • trigger.build.dependencies.genericArtifact.resource
  • trigger.build.dependencies.gitSource.depth
  • trigger.build.dependencies.gitSource.destPath
  • trigger.build.dependencies.gitSource.recurseSubmodules
  • trigger.build.dependencies.gitSource.repository.developerConnect
  • trigger.build.dependencies.gitSource.repository.proxyUrlEnabled
  • trigger.build.dependencies.gitSource.repository.url
  • trigger.build.dependencies.gitSource.revision
  • trigger.build.gitConfig.http.proxySecretVersionName
  • trigger.build.gitConfig.http.sslCaInfo
  • trigger.build.images
  • trigger.build.logsBucket
  • trigger.build.options.env
  • trigger.build.options.secretEnv
  • trigger.build.options.volumes.name
  • trigger.build.options.volumes.path
  • trigger.build.secrets.kmsKeyName
  • trigger.build.secrets.secretEnv.key
  • trigger.build.secrets.secretEnv.value
  • trigger.build.serviceAccount
  • trigger.build.source.buildConfigFileName
  • trigger.build.source.connectedRepository.dir
  • trigger.build.source.connectedRepository.repository
  • trigger.build.source.connectedRepository.revision
  • trigger.build.source.developerConnectConfig.dir
  • trigger.build.source.developerConnectConfig.gitRepositoryLink
  • trigger.build.source.developerConnectConfig.revision
  • trigger.build.source.gitSource.commitSha
  • trigger.build.source.gitSource.dir
  • trigger.build.source.gitSource.revision
  • trigger.build.source.gitSource.url
  • trigger.build.source.repoSource.branchName
  • trigger.build.source.repoSource.commitSha
  • trigger.build.source.repoSource.dir
  • trigger.build.source.repoSource.invertRegex
  • trigger.build.source.repoSource.projectId
  • trigger.build.source.repoSource.repoName
  • trigger.build.source.repoSource.substitutions.key
  • trigger.build.source.repoSource.substitutions.value
  • trigger.build.source.repoSource.tagName
  • trigger.build.source.storageSource.bucket
  • trigger.build.source.storageSource.generation
  • trigger.build.source.storageSource.object
  • trigger.build.source.storageSource.sourceFetcher
  • trigger.build.source.storageSource.stripComponents
  • trigger.build.source.storageSourceManifest.bucket
  • trigger.build.source.storageSourceManifest.generation
  • trigger.build.source.storageSourceManifest.object
  • trigger.build.steps.args
  • trigger.build.steps.dir
  • trigger.build.steps.entrypoint
  • trigger.build.steps.env
  • trigger.build.steps.id
  • trigger.build.steps.name
  • trigger.build.steps.remoteConfig
  • trigger.build.steps.results.attestationContent
  • trigger.build.steps.results.attestationType
  • trigger.build.steps.results.name
  • trigger.build.steps.script
  • trigger.build.steps.secretEnv
  • trigger.build.steps.volumes.name
  • trigger.build.steps.volumes.path
  • trigger.build.steps.waitFor
  • trigger.build.substitutions.key
  • trigger.build.substitutions.value
  • trigger.build.tags
  • trigger.cloudCode.codeReview.branch
  • trigger.cloudCode.project
  • trigger.cloudCode.repo
  • trigger.description
  • trigger.developerConnectEventConfig.gitRepositoryLink
  • trigger.developerConnectEventConfig.pullRequest.branch
  • trigger.developerConnectEventConfig.pullRequest.commentControl
  • trigger.developerConnectEventConfig.pullRequest.invertRegex
  • trigger.developerConnectEventConfig.push.branch
  • trigger.developerConnectEventConfig.push.invertRegex
  • trigger.developerConnectEventConfig.push.tag
  • trigger.dir
  • trigger.eventType
  • trigger.filename
  • trigger.gitFileSource.bitbucketServerConfig
  • trigger.gitFileSource.githubEnterpriseConfig
  • trigger.gitFileSource.path
  • trigger.gitFileSource.repoType
  • trigger.gitFileSource.repository
  • trigger.gitFileSource.revision
  • trigger.gitFileSource.uri
  • trigger.github.pullRequest.branch
  • trigger.github.push.branch
  • trigger.github.push.tag
  • trigger.gitlabEnterpriseEventsConfig.pullRequest.branch
  • trigger.gitlabEnterpriseEventsConfig.push.branch
  • trigger.gitlabEnterpriseEventsConfig.push.tag
  • trigger.gitlabEventsConfig.pullRequest.branch
  • trigger.gitlabEventsConfig.push.branch
  • trigger.gitlabEventsConfig.push.tag
  • trigger.ignoredFiles
  • trigger.includeBuildLogs
  • trigger.includedFiles
  • trigger.internalAnnotations.tags
  • trigger.name
  • trigger.repositoryEventConfig.pullRequest.branch
  • trigger.repositoryEventConfig.pullRequest.commentControl
  • trigger.repositoryEventConfig.pullRequest.invertRegex
  • trigger.repositoryEventConfig.push.branch
  • trigger.repositoryEventConfig.push.invertRegex
  • trigger.repositoryEventConfig.push.tag
  • trigger.repositoryEventConfig.repository
  • trigger.serviceAccount
  • trigger.sourceToBuild.bitbucketServerConfig
  • trigger.sourceToBuild.githubEnterpriseConfig
  • trigger.sourceToBuild.ref
  • trigger.sourceToBuild.repoType
  • trigger.sourceToBuild.repository
  • trigger.sourceToBuild.uri
  • trigger.substitutions.key
  • trigger.substitutions.value
  • trigger.tags
  • trigger.triggerTemplate.branchName
  • trigger.triggerTemplate.commitSha
  • trigger.triggerTemplate.dir
  • trigger.triggerTemplate.invertRegex
  • trigger.triggerTemplate.repoName
  • trigger.triggerTemplate.substitutions.key
  • trigger.triggerTemplate.substitutions.value
  • trigger.triggerTemplate.tagName
  • trigger.uri
  • trigger.webhookConfig.secret

Service: cloudbuild.googleapis.com

REST API: POST /v1/projects/{project_id}/triggers

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.CreateBuildTrigger
  • trigger.baseImage.imageName
  • trigger.bitbucketServerTriggerConfig.pullRequest.branch
  • trigger.bitbucketServerTriggerConfig.push.branch
  • trigger.bitbucketServerTriggerConfig.push.tag
  • trigger.build.artifacts.genericArtifacts.contentHandling
  • trigger.build.artifacts.genericArtifacts.folder
  • trigger.build.artifacts.genericArtifacts.registryPath
  • trigger.build.artifacts.goModules.modulePath
  • trigger.build.artifacts.goModules.moduleVersion
  • trigger.build.artifacts.goModules.sourcePath
  • trigger.build.artifacts.images
  • trigger.build.artifacts.mavenArtifacts.artifactId
  • trigger.build.artifacts.mavenArtifacts.deployFolder
  • trigger.build.artifacts.mavenArtifacts.groupId
  • trigger.build.artifacts.mavenArtifacts.path
  • trigger.build.artifacts.mavenArtifacts.pomPath
  • trigger.build.artifacts.mavenArtifacts.version
  • trigger.build.artifacts.npmPackages.archive
  • trigger.build.artifacts.npmPackages.packagePath
  • trigger.build.artifacts.npmPackages.repository
  • trigger.build.artifacts.objects.location
  • trigger.build.artifacts.objects.paths
  • trigger.build.artifacts.oci.file
  • trigger.build.artifacts.oci.registryPath
  • trigger.build.artifacts.oci.tags
  • trigger.build.artifacts.pythonPackages.paths
  • trigger.build.artifacts.testResults.bucketUri
  • trigger.build.artifacts.testResults.format
  • trigger.build.artifacts.testResults.paths
  • trigger.build.artifacts.volumes.name
  • trigger.build.artifacts.volumes.path
  • trigger.build.availableSecrets.inline.envMap.key
  • trigger.build.availableSecrets.inline.envMap.value
  • trigger.build.availableSecrets.inline.kmsKeyName
  • trigger.build.availableSecrets.secretManager.env
  • trigger.build.availableSecrets.secretManager.versionName
  • trigger.build.buildReceipt.workerDiagnostics.identityEndpointSuccesses
  • trigger.build.dependencies.empty
  • trigger.build.dependencies.genericArtifact.destPath
  • trigger.build.dependencies.genericArtifact.resource
  • trigger.build.dependencies.gitSource.depth
  • trigger.build.dependencies.gitSource.destPath
  • trigger.build.dependencies.gitSource.recurseSubmodules
  • trigger.build.dependencies.gitSource.repository.developerConnect
  • trigger.build.dependencies.gitSource.repository.proxyUrlEnabled
  • trigger.build.dependencies.gitSource.repository.url
  • trigger.build.dependencies.gitSource.revision
  • trigger.build.gitConfig.http.proxySecretVersionName
  • trigger.build.gitConfig.http.sslCaInfo
  • trigger.build.images
  • trigger.build.logsBucket
  • trigger.build.options.env
  • trigger.build.options.secretEnv
  • trigger.build.options.volumes.name
  • trigger.build.options.volumes.path
  • trigger.build.secrets.kmsKeyName
  • trigger.build.secrets.secretEnv.key
  • trigger.build.secrets.secretEnv.value
  • trigger.build.serviceAccount
  • trigger.build.source.buildConfigFileName
  • trigger.build.source.connectedRepository.dir
  • trigger.build.source.connectedRepository.repository
  • trigger.build.source.connectedRepository.revision
  • trigger.build.source.developerConnectConfig.dir
  • trigger.build.source.developerConnectConfig.gitRepositoryLink
  • trigger.build.source.developerConnectConfig.revision
  • trigger.build.source.gitSource.commitSha
  • trigger.build.source.gitSource.dir
  • trigger.build.source.gitSource.revision
  • trigger.build.source.gitSource.url
  • trigger.build.source.repoSource.branchName
  • trigger.build.source.repoSource.commitSha
  • trigger.build.source.repoSource.dir
  • trigger.build.source.repoSource.invertRegex
  • trigger.build.source.repoSource.projectId
  • trigger.build.source.repoSource.repoName
  • trigger.build.source.repoSource.substitutions.key
  • trigger.build.source.repoSource.substitutions.value
  • trigger.build.source.repoSource.tagName
  • trigger.build.source.storageSource.bucket
  • trigger.build.source.storageSource.generation
  • trigger.build.source.storageSource.object
  • trigger.build.source.storageSource.sourceFetcher
  • trigger.build.source.storageSource.stripComponents
  • trigger.build.source.storageSourceManifest.bucket
  • trigger.build.source.storageSourceManifest.generation
  • trigger.build.source.storageSourceManifest.object
  • trigger.build.steps.args
  • trigger.build.steps.dir
  • trigger.build.steps.entrypoint
  • trigger.build.steps.env
  • trigger.build.steps.id
  • trigger.build.steps.name
  • trigger.build.steps.remoteConfig
  • trigger.build.steps.results.attestationContent
  • trigger.build.steps.results.attestationType
  • trigger.build.steps.results.name
  • trigger.build.steps.script
  • trigger.build.steps.secretEnv
  • trigger.build.steps.volumes.name
  • trigger.build.steps.volumes.path
  • trigger.build.steps.waitFor
  • trigger.build.substitutions.key
  • trigger.build.substitutions.value
  • trigger.build.tags
  • trigger.cloudCode.codeReview.branch
  • trigger.cloudCode.project
  • trigger.cloudCode.repo
  • trigger.description
  • trigger.developerConnectEventConfig.gitRepositoryLink
  • trigger.developerConnectEventConfig.pullRequest.branch
  • trigger.developerConnectEventConfig.pullRequest.commentControl
  • trigger.developerConnectEventConfig.pullRequest.invertRegex
  • trigger.developerConnectEventConfig.push.branch
  • trigger.developerConnectEventConfig.push.invertRegex
  • trigger.developerConnectEventConfig.push.tag
  • trigger.dir
  • trigger.eventType
  • trigger.filename
  • trigger.gitFileSource.bitbucketServerConfig
  • trigger.gitFileSource.githubEnterpriseConfig
  • trigger.gitFileSource.path
  • trigger.gitFileSource.repoType
  • trigger.gitFileSource.repository
  • trigger.gitFileSource.revision
  • trigger.gitFileSource.uri
  • trigger.github.pullRequest.branch
  • trigger.github.push.branch
  • trigger.github.push.tag
  • trigger.gitlabEnterpriseEventsConfig.pullRequest.branch
  • trigger.gitlabEnterpriseEventsConfig.push.branch
  • trigger.gitlabEnterpriseEventsConfig.push.tag
  • trigger.gitlabEventsConfig.pullRequest.branch
  • trigger.gitlabEventsConfig.push.branch
  • trigger.gitlabEventsConfig.push.tag
  • trigger.ignoredFiles
  • trigger.includeBuildLogs
  • trigger.includedFiles
  • trigger.internalAnnotations.tags
  • trigger.name
  • trigger.repositoryEventConfig.pullRequest.branch
  • trigger.repositoryEventConfig.pullRequest.commentControl
  • trigger.repositoryEventConfig.pullRequest.invertRegex
  • trigger.repositoryEventConfig.push.branch
  • trigger.repositoryEventConfig.push.invertRegex
  • trigger.repositoryEventConfig.push.tag
  • trigger.repositoryEventConfig.repository
  • trigger.serviceAccount
  • trigger.sourceToBuild.bitbucketServerConfig
  • trigger.sourceToBuild.githubEnterpriseConfig
  • trigger.sourceToBuild.ref
  • trigger.sourceToBuild.repoType
  • trigger.sourceToBuild.repository
  • trigger.sourceToBuild.uri
  • trigger.substitutions.key
  • trigger.substitutions.value
  • trigger.tags
  • trigger.triggerTemplate.branchName
  • trigger.triggerTemplate.commitSha
  • trigger.triggerTemplate.dir
  • trigger.triggerTemplate.invertRegex
  • trigger.triggerTemplate.repoName
  • trigger.triggerTemplate.substitutions.key
  • trigger.triggerTemplate.substitutions.value
  • trigger.triggerTemplate.tagName
  • trigger.uri
  • trigger.webhookConfig.secret

Service: cloudbuild.googleapis.com

REST API: POST /v1/projects/{project_id}/triggers/{trigger_id}:run

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.RunBuildTrigger
  • source.branchName
  • source.commitSha
  • source.dir
  • source.invertRegex
  • source.projectId
  • source.repoName
  • source.substitutions.key
  • source.substitutions.value
  • source.tagName

Service: cloudbuild.googleapis.com

REST API: POST /v1/{name=projects/*/locations/*/triggers/*}:run

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.RunBuildTrigger
  • source.branchName
  • source.commitSha
  • source.dir
  • source.invertRegex
  • source.projectId
  • source.repoName
  • source.substitutions.key
  • source.substitutions.value
  • source.tagName

Service: cloudbuild.googleapis.com

REST API: POST /v1/{parent=projects/*/locations/*}/triggers

RPC methods:

  • google.devtools.cloudbuild.v1.CloudBuild.CreateBuildTrigger
  • trigger.baseImage.imageName
  • trigger.bitbucketServerTriggerConfig.pullRequest.branch
  • trigger.bitbucketServerTriggerConfig.push.branch
  • trigger.bitbucketServerTriggerConfig.push.tag
  • trigger.build.artifacts.genericArtifacts.contentHandling
  • trigger.build.artifacts.genericArtifacts.folder
  • trigger.build.artifacts.genericArtifacts.registryPath
  • trigger.build.artifacts.goModules.modulePath
  • trigger.build.artifacts.goModules.moduleVersion
  • trigger.build.artifacts.goModules.sourcePath
  • trigger.build.artifacts.images
  • trigger.build.artifacts.mavenArtifacts.artifactId
  • trigger.build.artifacts.mavenArtifacts.deployFolder
  • trigger.build.artifacts.mavenArtifacts.groupId
  • trigger.build.artifacts.mavenArtifacts.path
  • trigger.build.artifacts.mavenArtifacts.pomPath
  • trigger.build.artifacts.mavenArtifacts.version
  • trigger.build.artifacts.npmPackages.archive
  • trigger.build.artifacts.npmPackages.packagePath
  • trigger.build.artifacts.npmPackages.repository
  • trigger.build.artifacts.objects.location
  • trigger.build.artifacts.objects.paths
  • trigger.build.artifacts.oci.file
  • trigger.build.artifacts.oci.registryPath
  • trigger.build.artifacts.oci.tags
  • trigger.build.artifacts.pythonPackages.paths
  • trigger.build.artifacts.testResults.bucketUri
  • trigger.build.artifacts.testResults.format
  • trigger.build.artifacts.testResults.paths
  • trigger.build.artifacts.volumes.name
  • trigger.build.artifacts.volumes.path
  • trigger.build.availableSecrets.inline.envMap.key
  • trigger.build.availableSecrets.inline.envMap.value
  • trigger.build.availableSecrets.inline.kmsKeyName
  • trigger.build.availableSecrets.secretManager.env
  • trigger.build.availableSecrets.secretManager.versionName
  • trigger.build.buildReceipt.workerDiagnostics.identityEndpointSuccesses
  • trigger.build.dependencies.empty
  • trigger.build.dependencies.genericArtifact.destPath
  • trigger.build.dependencies.genericArtifact.resource
  • trigger.build.dependencies.gitSource.depth
  • trigger.build.dependencies.gitSource.destPath
  • trigger.build.dependencies.gitSource.recurseSubmodules
  • trigger.build.dependencies.gitSource.repository.developerConnect
  • trigger.build.dependencies.gitSource.repository.proxyUrlEnabled
  • trigger.build.dependencies.gitSource.repository.url
  • trigger.build.dependencies.gitSource.revision
  • trigger.build.gitConfig.http.proxySecretVersionName
  • trigger.build.gitConfig.http.sslCaInfo
  • trigger.build.images
  • trigger.build.logsBucket
  • trigger.build.options.env
  • trigger.build.options.secretEnv
  • trigger.build.options.volumes.name
  • trigger.build.options.volumes.path
  • trigger.build.secrets.kmsKeyName
  • trigger.build.secrets.secretEnv.key
  • trigger.build.secrets.secretEnv.value
  • trigger.build.serviceAccount
  • trigger.build.source.buildConfigFileName
  • trigger.build.source.connectedRepository.dir
  • trigger.build.source.connectedRepository.repository
  • trigger.build.source.connectedRepository.revision
  • trigger.build.source.developerConnectConfig.dir
  • trigger.build.source.developerConnectConfig.gitRepositoryLink
  • trigger.build.source.developerConnectConfig.revision
  • trigger.build.source.gitSource.commitSha
  • trigger.build.source.gitSource.dir
  • trigger.build.source.gitSource.revision
  • trigger.build.source.gitSource.url
  • trigger.build.source.repoSource.branchName
  • trigger.build.source.repoSource.commitSha
  • trigger.build.source.repoSource.dir
  • trigger.build.source.repoSource.invertRegex
  • trigger.build.source.repoSource.projectId
  • trigger.build.source.repoSource.repoName
  • trigger.build.source.repoSource.substitutions.key
  • trigger.build.source.repoSource.substitutions.value
  • trigger.build.source.repoSource.tagName
  • trigger.build.source.storageSource.bucket
  • trigger.build.source.storageSource.generation
  • trigger.build.source.storageSource.object
  • trigger.build.source.storageSource.sourceFetcher
  • trigger.build.source.storageSource.stripComponents
  • trigger.build.source.storageSourceManifest.bucket
  • trigger.build.source.storageSourceManifest.generation
  • trigger.build.source.storageSourceManifest.object
  • trigger.build.steps.args
  • trigger.build.steps.dir
  • trigger.build.steps.entrypoint
  • trigger.build.steps.env
  • trigger.build.steps.id
  • trigger.build.steps.name
  • trigger.build.steps.remoteConfig
  • trigger.build.steps.results.attestationContent
  • trigger.build.steps.results.attestationType
  • trigger.build.steps.results.name
  • trigger.build.steps.script
  • trigger.build.steps.secretEnv
  • trigger.build.steps.volumes.name
  • trigger.build.steps.volumes.path
  • trigger.build.steps.waitFor
  • trigger.build.substitutions.key
  • trigger.build.substitutions.value
  • trigger.build.tags
  • trigger.cloudCode.codeReview.branch
  • trigger.cloudCode.project
  • trigger.cloudCode.repo
  • trigger.description
  • trigger.developerConnectEventConfig.gitRepositoryLink
  • trigger.developerConnectEventConfig.pullRequest.branch
  • trigger.developerConnectEventConfig.pullRequest.commentControl
  • trigger.developerConnectEventConfig.pullRequest.invertRegex
  • trigger.developerConnectEventConfig.push.branch
  • trigger.developerConnectEventConfig.push.invertRegex
  • trigger.developerConnectEventConfig.push.tag
  • trigger.dir
  • trigger.eventType
  • trigger.filename
  • trigger.gitFileSource.bitbucketServerConfig
  • trigger.gitFileSource.githubEnterpriseConfig
  • trigger.gitFileSource.path
  • trigger.gitFileSource.repoType
  • trigger.gitFileSource.repository
  • trigger.gitFileSource.revision
  • trigger.gitFileSource.uri
  • trigger.github.pullRequest.branch
  • trigger.github.push.branch
  • trigger.github.push.tag
  • trigger.gitlabEnterpriseEventsConfig.pullRequest.branch
  • trigger.gitlabEnterpriseEventsConfig.push.branch
  • trigger.gitlabEnterpriseEventsConfig.push.tag
  • trigger.gitlabEventsConfig.pullRequest.branch
  • trigger.gitlabEventsConfig.push.branch
  • trigger.gitlabEventsConfig.push.tag
  • trigger.ignoredFiles
  • trigger.includeBuildLogs
  • trigger.includedFiles
  • trigger.internalAnnotations.tags
  • trigger.name
  • trigger.repositoryEventConfig.pullRequest.branch
  • trigger.repositoryEventConfig.pullRequest.commentControl
  • trigger.repositoryEventConfig.pullRequest.invertRegex
  • trigger.repositoryEventConfig.push.branch
  • trigger.repositoryEventConfig.push.invertRegex
  • trigger.repositoryEventConfig.push.tag
  • trigger.repositoryEventConfig.repository
  • trigger.serviceAccount
  • trigger.sourceToBuild.bitbucketServerConfig
  • trigger.sourceToBuild.githubEnterpriseConfig
  • trigger.sourceToBuild.ref
  • trigger.sourceToBuild.repoType
  • trigger.sourceToBuild.repository
  • trigger.sourceToBuild.uri
  • trigger.substitutions.key
  • trigger.substitutions.value
  • trigger.tags
  • trigger.triggerTemplate.branchName
  • trigger.triggerTemplate.commitSha
  • trigger.triggerTemplate.dir
  • trigger.triggerTemplate.invertRegex
  • trigger.triggerTemplate.repoName
  • trigger.triggerTemplate.substitutions.key
  • trigger.triggerTemplate.substitutions.value
  • trigger.triggerTemplate.tagName
  • trigger.uri
  • trigger.webhookConfig.secret

Fields not intended for Sensitive data

The following table provides an illustrative list of field categories and specific fields that aren't suitable for sensitive information. To maintain compliance, avoid placing protected data in these fields. For a complete list, contact your Google Cloud representative.

Category Fields
Authentication
  • authUser
  • userOauthCode
Build/Trigger specifics
  • build.buildReceipt.buildConfigSubstitutions.value
  • build.buildReceipt.queue
  • build.options.pool.name
  • build.source.gitSource.gitCredential.password
  • build.source.gitSource.gitCredential.username
  • triggerId
Configuration
  • appConfigJson.bucket
  • appConfigJson.object
  • code
  • eventSource
  • hostUrl
  • peeredNetwork
Connection specifics
  • connection.bitbucketCloudConfig.authorizerCredential.userTokenSecretVersion
  • connection.bitbucketCloudConfig.readAuthorizerCredential.userTokenSecretVersion
  • connection.bitbucketCloudConfig.webhookSecretSecretVersion
  • connection.githubEnterpriseConfig.oauthClientIdSecretVersion
  • connection.githubEnterpriseConfig.oauthSecretSecretVersion
  • connection.gitlabConfig.readAuthorizerCredential.userTokenSecretVersion
Network configuration N/A
Repository/Project details
  • installation.repositorySettingList.repositorySettings.name
  • installation.repositorySettingList.repositorySettings.owner
  • owner
Resource identification
  • enterpriseConfigResourceName
  • id
  • name
  • parent
  • projectId
  • repo
Secret management
  • sslCa
  • webhookKey
Service/API access
  • connection.githubEnterpriseConfig.serviceDirectoryConfig.service
  • connection.gitlabConfig.serviceDirectoryConfig.service
  • gitlabConfig.secrets.apiAccessTokenVersion
  • gitlabConfig.secrets.apiKeyVersion
State management
  • etag
  • pageToken
  • state
  • updateMask.paths

What's next