Configure data locality by using regional endpoints
Stay organized with collections
Save and categorize content based on your preferences.
This page describes the global and regional service endpoints for the
Secure Source Manager control plane.
A service endpoint is a base URL that specifies the network address of an
API service. The Secure Source Manager control plane has both global and
regional endpoints.
Global endpoint: By default, Secure Source Manager sends API requests to
the global endpoint, securesourcemanager.googleapis.com. Global endpoints
don't guarantee that in-transit data remains in a particular location and
can retrieve Secure Source Manager data from any supported region. Your data
might be processed outside the region where it is stored.
Regional endpoint: A service endpoint that enforces regional restrictions,
ensuring that in-transit data remains in a particular location. A regional
endpoint only allows requests to proceed if the affected resource exists in
the location specified by the endpoint. Regional endpoints use the following
format:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Configure data locality by using regional endpoints\n\nThis page describes the global and regional service endpoints for the\nSecure Source Manager control plane.\n\nA **service endpoint** is a base URL that specifies the network address of an\nAPI service. The Secure Source Manager control plane has both global and\nregional endpoints.\n\n- **Global endpoint** : By default, Secure Source Manager sends API requests to\n the global endpoint, `securesourcemanager.googleapis.com`. Global endpoints\n don't guarantee that in-transit data remains in a particular location and\n can retrieve Secure Source Manager data from any supported region. Your data\n might be processed outside the region where it is stored.\n\n- **Regional endpoint**: A service endpoint that enforces regional restrictions,\n ensuring that in-transit data remains in a particular location. A regional\n endpoint only allows requests to proceed if the affected resource exists in\n the location specified by the endpoint. Regional endpoints use the following\n format:\n\n `securesourcemanager.`\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e`.rep.googleapis.com`.\n\n For a list of supported regions, see [Locations](/secure-source-manager/docs/locations).\n\nConsider using regional endpoints in the following situations:\n\n- You are storing data in multiple locations and want to optimize latency,\n reliability, and availability.\n\n- You need to comply with data locality policies or regulations that require\n you to process your data in the same location where the data is stored.\n\nSupported commands\n------------------\n\nYou can use regional endpoints to run commands for instances, locations,\nand operations.\n\nSpecify a regional endpoint\n---------------------------\n\n### gcloud\n\nYou can override the global endpoint with a regional endpoint for Secure Source Manager commands.\n\n\u003cbr /\u003e\n\nMake sure you're using the Google Cloud CLI 402.0.0 or newer.\n\n\nBefore using any of the command data below,\nmake the following replacements:\n\n- \u003cvar class=\"edit\" scope=\"LOCATION\" translate=\"no\"\u003eLOCATION\u003c/var\u003e: the [region](/secure-source-manager/docs/locations) where the instance is located.\n\n\nExecute the\n\nfollowing\n\ncommand:\n\n#### Linux, macOS, or Cloud Shell\n\n**Note:** Ensure you have initialized the Google Cloud CLI with authentication and a project by running either [gcloud init](/sdk/gcloud/reference/init); or [gcloud auth login](/sdk/gcloud/reference/auth/login) and [gcloud config set project](/sdk/gcloud/reference/config/set). \n\n```bash\ngcloud config set api_endpoint_overrides/securesourcemanager https://securesourcemanager.LOCATION.rep.googleapis.com\n```\n\n#### Windows (PowerShell)\n\n**Note:** Ensure you have initialized the Google Cloud CLI with authentication and a project by running either [gcloud init](/sdk/gcloud/reference/init); or [gcloud auth login](/sdk/gcloud/reference/auth/login) and [gcloud config set project](/sdk/gcloud/reference/config/set). \n\n```bash\ngcloud config set api_endpoint_overrides/securesourcemanager https://securesourcemanager.LOCATION.rep.googleapis.com\n```\n\n#### Windows (cmd.exe)\n\n**Note:** Ensure you have initialized the Google Cloud CLI with authentication and a project by running either [gcloud init](/sdk/gcloud/reference/init); or [gcloud auth login](/sdk/gcloud/reference/auth/login) and [gcloud config set project](/sdk/gcloud/reference/config/set). \n\n```bash\ngcloud config set api_endpoint_overrides/securesourcemanager https://securesourcemanager.LOCATION.rep.googleapis.com\n```\n\n### REST\n\nUse the regional endpoint in your commands instead of the global endpoint. For example, the following command list details for all repositories in a specified region for a specified instance.\n\n\u003cbr /\u003e\n\n\nBefore using any of the request data,\nmake the following replacements:\n\n- \u003cvar class=\"edit\" scope=\"LOCATION\" translate=\"no\"\u003eLOCATION\u003c/var\u003e: the [region](/secure-source-manager/docs/locations) where the instance is located.\n- \u003cvar class=\"edit\" scope=\"INSTANCE_ID\" translate=\"no\"\u003eINSTANCE_ID\u003c/var\u003e: the name of the instance.\n- \u003cvar class=\"edit\" scope=\"PROJECT_ID\" translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project ID of the project where the instance is located.\n\n\nHTTP method and URL:\n\n```\nGET https://securesourcemanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/instances?instance_id=INSTANCE_ID\n```\n\nTo send your request, expand one of these options:\n\n#### curl (Linux, macOS, or Cloud Shell)\n\n| **Note:** The following command assumes that you have logged in to the `gcloud` CLI with your user account by running [`gcloud init`](/sdk/gcloud/reference/init) or [`gcloud auth login`](/sdk/gcloud/reference/auth/login) , or by using [Cloud Shell](/shell/docs), which automatically logs you into the `gcloud` CLI . You can check the currently active account by running [`gcloud auth list`](/sdk/gcloud/reference/auth/list).\n\n\nExecute the following command:\n\n```\ncurl -X GET \\\n -H \"Authorization: Bearer $(gcloud auth print-access-token)\" \\\n \"https://securesourcemanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/instances?instance_id=INSTANCE_ID\"\n```\n\n#### PowerShell (Windows)\n\n| **Note:** The following command assumes that you have logged in to the `gcloud` CLI with your user account by running [`gcloud init`](/sdk/gcloud/reference/init) or [`gcloud auth login`](/sdk/gcloud/reference/auth/login) . You can check the currently active account by running [`gcloud auth list`](/sdk/gcloud/reference/auth/list).\n\n\nExecute the following command:\n\n```\n$cred = gcloud auth print-access-token\n$headers = @{ \"Authorization\" = \"Bearer $cred\" }\n\nInvoke-WebRequest `\n -Method GET `\n -Headers $headers `\n -Uri \"https://securesourcemanager.LOCATION.rep.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/instances?instance_id=INSTANCE_ID\" | Select-Object -Expand Content\n```\n\nYou should receive a successful status code (2xx) and an empty response.\n\n### Terraform\n\n\nTo learn how to apply or remove a Terraform configuration, see\n[Basic Terraform commands](/docs/terraform/basic-commands).\n\n\nFor more information, see the\n[Terraform provider reference documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs).\n\nUse the API override to set the regional endpoint.\n\n\u003cbr /\u003e\n\nBefore using any of the command data below, make the following replacements:\n\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the [region](/secure-source-manager/docs/locations) where the instance is located.\n\n provider \"google\" {\n secure_source_manager_custom_endpoint = \"https://securesourcemanager.\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e.rep.googleapis.com/v1/\"\n }\n\n### Client Libraries\n\nSee [Secure Source Manager client libraries](/secure-source-manager/docs/reference/libraries)\nfor instructions to install client libraries and set up authetication.\n\nEach client library provides a way to override the default endpoint with a\nregional endpoint.\n\n- **C++** : Use the struct `EndpointOption`. The Secure Source Manager\n [client library documentation](/cpp/docs/reference/securesourcemanager/latest/securesourcemanager-override-endpoint) includes an example that\n overrides the default endpoint with the Private Google Access endpoint, but\n you can use the same approach to set a regional endpoint as the default.\n\n- **Go** : Use the `endpoint` client option. See the\n [Endpoint Override](https://pkg.go.dev/cloud.google.com/go#hdr-Endpoint_Override) section of the Go client library\n documentation for more information and an example.\n\n- **Python** : Use the `api_endpoint` parameter of the `ClientOptions` class\n to override the default endpoint with a regional endpoint. See the\n [ClientOptions](https://googleapis.dev/python/google-api-core/latest/client_options.html#google.api_core.client_options.ClientOptions) documentation for more information and\n examples.\n\n\n\u003cbr /\u003e\n\nWhat's next\n-----------\n\n- View [supported locations](/secure-source-manager/docs/locations)."]]
