Configure bring your own key BYOK for Google CDE

To leverage BYOK (bring your own key) license for Google Custom Document Extractor (CDE) processor, follow these configuration steps.

Prerequisites

Log in as the AAE_Locker_Admin user type.

Create a custom role for Credential Vault locker.
1. Provide a name for the role, such as google-cde-credential-role. The Manage my credentials and lockers permission is automatically selected.
2. Click Create role.
  
  Assign the role to the Bot creator and Unattended Bot Runner user types.
Create a credential in Credential Vault for Google service account.
1. Navigate to Manage > Credentials > Create credential.
2. Provide a name for the credential, such as google-cde-credential.
3. Provide a name for the attribute, such as ServiceAccount.
4. Select the Standard input option and enter the Google Document AI API key in the Value field.
5. Click Create credential.
Create a locker to store the key.
1. Navigate to the Lockers tab and click Create locker.
2. Provide a name for the locker, such as google-cde-locker.
3. Select the google-cde-credential and click the right arrow to move the credential to the Selected column.
4. In the Consumers tab, select the google-cde-credential-role and click the right arrow to move the credential to the Selected column.
5. Click Create locker.