Google Drive
This section will guide you through the integration of Google Drive into Kertos. This integration is partially different from the other integrations, therefore some concepts need to be tackled.
The Integration Interface
To set up the Google Drive integration, the following credentials are required.
This information can be found in the Google console as displayed below.
Authentication
The following section guides you through the process of gathering all required credentials to connect to your Google Drive instance.
API Token
Due to the extreme security measures that Google offers, accessing Google APIs from an external account may be difficult and require a certain set of permissions.
Kertos does not need to access all the data in your account, but it needs only the permission to retrieve and delete the files that are associated to the target data subject.
In order to get the necessary permissions, you can create a service account that will allow Kertos to access your data within the limits that you impose. In order to create a service account, you can follow this guide.
The newly created service account will have an email that looks like
***@***.iam.gserviceaccount.com
At this point you are ready to share the data from your Google Drive with the service account. In order to do so, you need to activate Google Drive API. You can easily follow the instruction at this link.
The next step is to associate a key to your service account so that it can be used through the API.
Go to the Service Account page in the Google console. In order to get there you can search for 'Service account' in the searchbar at the top.
Select the newly created service account (or the one you desire to use for Kertos)
Go to the tab keys. Here, all the keys associated to the account will be displayed
Create a new key or upload an existing one
If you create a new key, remember to use the JSON format. Once you click 'Create', the key will be automatically downloaded, and you can upload it to your Kertos account.
The key will be of the format
{
"type": "service_account",
"project_id": "your_project_id",
"private_key_id": "***",
"private_key": "-----BEGIN PRIVATE KEY----- CONTENT -----END PRIVATE KEY-----\n",
"client_email": "service_account_email",
"client_id": "***",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "***"
}
Copy it and paste it in the API Key input during system creation in the Kertos app.
For the identifier, you can use email. However, since Google Drive is a special system, all data passed in the request will be used, so that we will be able to thoroughly find all the information associate to the data subject.
The last step is to share data in your Google Drive with the service account. Go to the space inside your drive, where there is the folder(s) that you want to share with Kertos.
Right-click on the folder you want to share and click on 'Share'.
In the top searchbar, write the email of the service account that you previously created.
On the right, you can select the permission that will be given to the account. If you want Kertos to be able to delete the file (or folder), you need to select 'Owner'.
Once you are done, the service account will be able to access the selected folder and all the elements inside. You can also give permission only to specific files by selecting them separately.
Google Drive Search
The files and folders that will be searched in your drive are only the ones to which you gave the access through the service account. All types of files will be searched.
Only files (not folders) that satisfy the following criteria will be returned:
- The email of one of the owners matches the email of the data subject.
- At least one of the identifiers of the data subject is contained in the name of the file.
- At least one of the identifiers of the data subject is contained in the content of the file (this applies for all types of files).
The identifiers of the data subject that are being used are:
- full name (first name + last name)
- phone number
- additional identifiers
The information returned about a file is:
- id
- name
- time at which the file has been created
- time at which the file has been modified the last time
- size
- kind
- mimeType
- url to view the browser
- owners
Identifier Field
Choose between the options "Additional identifier", "Email" or "Phone", depending on which data you what to use as an identifier.
Data Retention
Some data have precise specifications as to how long they must be retained. The "Data retention" field allows you to define how long data should be retained after receiving a deletion request, to make sure all deletion requests are in compliance with the various data regulations.
Documentation
For more information, please refer to the Google Drive API documentation.