Google Cloud

Deploy DataStrict on GKE or Cloud Run and enforce policy on Vertex AI and Gemini requests.

Overview

DataStrict deploys on GKE or Cloud Run inside your Google Cloud project, keeping governed traffic and the Ledger within your perimeter.

It enforces policy on Vertex AI and Gemini requests the moment they leave your application, before any prompt reaches the model.

How it works

The gateway sits between your workloads and Vertex AI. Each request is adjudicated against policy, then allowed, redacted, blocked, or escalated. Decisions are recorded to Cloud SQL for Postgres.

Callers are identified with Workload Identity, so policy binds to the service account and purpose behind every request.

Connect

Run the gateway on Cloud Run or GKE, bind a service account with access to the Vertex models you allow, and route your SDK through the gateway endpoint.

# datastrict.yaml
gateway:
  provider: vertex
  project: my-gcp-project
  location: us-central1
  ledger: postgres://ledger.internal:5432/datastrict

What you can enforce

  • Vertex AI and Gemini prompts and responses, checked against policy in real time.
  • Sensitive data redacted before it is placed in a prompt or returned to a user.
  • Tool calls scoped to identity, purpose, and jurisdiction - deny by default.
  • A tamper-evident audit trail in your own Cloud SQL instance.
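
The sketch below is an added illustration of deny-by-default adjudication keyed on identity, purpose, and jurisdiction, with the four outcomes described under "How it works". It is not DataStrict's policy format or engine: the rule shape, service-account names, tool names, and the email-only redaction are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Hypothetical rule shape; the real DataStrict policy format is not shown on this page.
@dataclass(frozen=True)
class Rule:
    service_account: str  # caller identity, as resolved by Workload Identity
    purpose: str
    jurisdiction: str
    tool: str
    decision: str         # "allow", "redact" or "escalate"

# Constructed service accounts in the sample project from datastrict.yaml.
SUPPORT = "support-bot@my-gcp-project.iam.gserviceaccount.com"
ANALYTICS = "analytics@my-gcp-project.iam.gserviceaccount.com"

# Constructed sample policy: only these exact combinations are ever forwarded.
RULES = [
    Rule(SUPPORT, "customer-support", "EU", "search_kb", "redact"),
    Rule(ANALYTICS, "reporting", "US", "run_query", "allow"),
    Rule(ANALYTICS, "reporting", "EU", "run_query", "escalate"),
]

# Stand-in for sensitive-data detection: email addresses only.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def adjudicate(service_account, purpose, jurisdiction, tool, prompt):
    """Return (decision, prompt_to_forward); prompt_to_forward is None when nothing is sent."""
    key = (service_account, purpose, jurisdiction, tool)
    for rule in RULES:
        if key != (rule.service_account, rule.purpose, rule.jurisdiction, rule.tool):
            continue
        if rule.decision == "allow":
            return "allow", prompt
        if rule.decision == "redact":
            # Redaction happens before the prompt is forwarded upstream.
            return "redact", EMAIL.sub("[REDACTED]", prompt)
        if rule.decision == "escalate":
            return "escalate", None  # held for review, nothing forwarded
        break  # unrecognised decision value in a rule: fail closed
    return "block", None  # deny by default: no matching rule

if __name__ == "__main__":
    print(adjudicate(SUPPORT, "customer-support", "EU", "search_kb",
                     "Reset password for jane.doe@example.com"))
    print(adjudicate(SUPPORT, "customer-support", "EU", "run_query", "list all users"))
```

The second call is blocked even though the caller is known, because no rule names that tool for that identity, purpose, and jurisdiction.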
