# Export data to Google Cloud Storage Automate recurring data exports from Stripe to your Google Cloud Storage. ## Google Cloud Storage destination Data pipeline can deliver all your Stripe data as Parquet files into your Google Cloud Storage (GCS) bucket. It includes a directory of files for each table, which is delivered and updated every 3 hours. [Watch on YouTube](https://www.youtube.com/watch?v=bVDvH0KY_ag) ## Prerequisites Before starting the integration, make sure you have access and permission to: 1. Create a Google Cloud Storage bucket. 1. Create a service account enabling Stripe to create objects in the provisioned bucket. 1. Access the Stripe Dashboard as an admin. ## Select Your Google Cloud Project 1. Go to the [Google Cloud Console](https://console.cloud.google.com/). 1. Select the project that you want to send your Stripe data to. ## Create a new Service Account and generate a JSON key 1. On the [Service Accounts](https://console.cloud.google.com/iam-admin/serviceaccounts) page, make sure you’re in the correct Google Cloud Project. 1. Click **+ CREATE SERVICE ACCOUNT**. 1. Enter a name for the service account, for example, “-stripe-data-pipeline.” 1. Add a description—for example, “This role gives Stripe access to upload data files to our bucket.” 1. Click **CREATE AND CONTINUE**. 1. In the **Select a Role** dropdown, add three roles: `Storage Object User`, `Storage Object Creator`, and `Storage Insights Collector Service`. 1. Click **DONE**. 1. For your new [Service Account](https://console.cloud.google.com/iam-admin/serviceaccounts), click **Manage keys** in the **Actions** menu. 1. Click **ADD KEY ▾** and select **Create new key**. 1. Choose **Key type JSON** and click **CREATE**. The JSON file downloads to your device. ## Create a New Bucket 1. Make sure you’re in the correct Google Cloud project by navigating to **Cloud Storage** > **Buckets** in the [Google Cloud console](https://console.cloud.google.com/storage/browser). 1. Click **+ CREATE**. 1. In the **Name** field, we recommend a name including “stripe,” such as “-stripe-data.” 1. For the **Location type**, we recommend **Multi-Regional US**. 1. For the **Storage class**, we recommend **Set a default class - Standard**. 1. For the **Access Control**, choose **Prevent public access** with **Uniform** access control. 1. Click **CREATE** button to create the bucket. 1. Select the **PERMISSIONS** tab for your newly created bucket. 1. Under **Permissions** in the **VIEW BY PRINCIPAL** tab, select the box next to the Service Account you created in the previous step. > Setting a retention policy on your bucket might cause the data exports to fail, because it restricts the ability to delete or override files in the bucket. ## Optional: Generate encryption keys Stripe offers the ability to encrypt data transfers from Stripe to your storage bucket using PGP encryption with a customer-owned key. This provides an additional layer of protection, ensuring your data remains secure in transit and at rest. While you can disable PGP encryption, doing so increases the risk of data exposure if you misconfigure something or if unauthorized parties access your bucket. Keeping encryption enabled ensures your data has the highest level of protection. 1. Open the command line interface (terminal). 1. Execute the command `gpg --full-generate-key` to create a key pair. 1. When prompted, select your preferred type, size, and expiration of the key. We suggest: - **Kind**: (1) RSA and RSA (default) - **Bit Length**: 4096 - **Key is valid for**: 0 (doesn’t expire) 1. Confirm this is correct by typing **y** and pressing **Enter**. 1. Find your account ID (`acct_1234`) at Settings > Business > Account Details and enter it as the real name. Leave the email and comments blank. 1. Type “O” and click **Enter** to confirm. 1. At the passphrase prompt, *don’t enter one*. Instead, press **Enter** and select “Yes, protection isn’t needed.” Repeat this step to confirm your choice. 1. In the output in your command line interface (terminal), locate the key you just generated and note the key ID (the long hexadecimal string at the end of the `pub` line). 1. To export the public key, enter the command `gpg --output acct_1234.key --armor --export your-key-id`, replacing `your-key-id` with the hexadecimal key ID you found in the previous step. 1. The public key file (acct_1234.key) is now saved in the current directory. > Stripe encrypts your data with a key you provide, and you decrypt in google cloud stroage. ## Establishing your Google Cloud Storage connection 1. Visit the [Data Pipeline Dashboard](https://dashboard.stripe.com/settings/stripe-data-pipeline). 1. Click **Get started**. 1. Select the Google Cloud Storage logo and click **Continue ->**. This step generates a bucket name. 1. Enter the bucket name generated in the previous step. 1. Upload your Service Account `.json` file generated earlier. 1. Select your data encryption option. If you chose to use a customer managed key, upload your public key. 1. Click the **Next** button. Clicking this button sends test data to the bucket you provided, but not production data. 1. When you confirm test data delivery, go to your [Cloud Storage bucket](https://console.cloud.google.com/storage/browser). 1. Open the bucket, go to the **penny\_test** directory, and open the **acct\_** or **org\_** prefixed sub-directory to locate the delivered `account_validation.csv` test file. 1. Click the **account\_validation.csv** file. 1. Click **DOWNLOAD**. 1. Click the **Upload the test value file** and upload the downloaded `account_validation.csv`. 1. Click **Confirm value**. 1. When you confirm the test value, click **Subscribe**. This subscribes you to the product and schedules the initial full load of data for delivery to your Google Cloud Storage bucket, a process that can take 6-12 hours. \*Google Cloud Storage is a trademark of Google LLC.