Stay organized with collections
Save and categorize content based on your preferences.
This page explains how to enable Binary Authorization in your deployer project.
You first create or select a project. You enable Binary Authorization in the
Google Cloud project where you deploy containers. This is the same project
where you run your
supported platforms,
such as Google Kubernetes Engine (GKE), Cloud Run, or
Google Distributed Cloud.
To enable Binary Authorization, follow these steps:
Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis guide details how to enable Binary Authorization within your Google Cloud deployer project.\u003c/p\u003e\n"],["\u003cp\u003eBinary Authorization is enabled in the same Google Cloud project where you run supported container platforms like GKE, Cloud Run, or Google Distributed Cloud.\u003c/p\u003e\n"],["\u003cp\u003eEnabling Binary Authorization involves following a set of steps, after which it is ready to be set up with your container management platform.\u003c/p\u003e\n"],["\u003cp\u003eRemoving or altering the Binary Authorization Service Agent's roles can result in authorization failures due to permission issues.\u003c/p\u003e\n"]]],[],null,["# Enable the Binary Authorization service\n\nThis page explains how to enable Binary Authorization in your deployer project.\n\nYou first create or select a project. You enable Binary Authorization in the\nGoogle Cloud project where you deploy containers. This is the same project\nwhere you run your\n[supported platforms](/binary-authorization/docs/overview#supported_platforms),\nsuch as Google Kubernetes Engine (GKE), Cloud Run, or\nGoogle Distributed Cloud.\n\nTo enable Binary Authorization, follow these steps:\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Binary Authorization API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=binaryauthorization.googleapis.com&redirect=https://console.cloud.google.com)\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Binary Authorization API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=binaryauthorization.googleapis.com&redirect=https://console.cloud.google.com)\n-\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n- If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n-\n To [initialize](/sdk/docs/initializing) the gcloud CLI, run the following command:\n\n ```bash\n gcloud init\n ```\n\nBinary Authorization is enabled. You can now set it up with your container\nmanagement platform.\n| **Warning:** If you remove Binary Authorization Service Agent or change its roles, Binary Authorization fails due to missing permissions.\n\nWhat's next\n-----------\n\n- [Set up Binary Authorization continuous validation with GKE](/binary-authorization/docs/quickstart-cv) ([Preview](/products#product-launch-stages))\n- [Set up Binary Authorization enforcement with GKE](/binary-authorization/docs/setting-up)\n- [Set up Binary Authorization with Cloud Run](/binary-authorization/docs/run/enabling-binauthz-cloud-run)\n- [Set up Binary Authorization with Distributed Cloud](/binary-authorization/docs/setting-up-on-prem)"]]