Skip to Content
SourcesGoogle Workspace

Google Workspace

Required
Fields required for a valid configuration.
PathTypeRequiredDescriptionDefaultConstraints
requiredobjectYes
Masked
Sensitive fields under(secrets/credentials).
PathTypeRequiredDescriptionDefaultConstraints
maskedobjectYes
Optional
Optional configuration fields.
PathTypeRequiredDescriptionDefaultConstraints
optionalobjectNono extra properties
optional.connectionobjectNoNetwork and pagination controls for Drive API requests.no extra properties
optional.connection.max_object_bytesintegerNoSkip files larger than this many bytes (default 100 MB)104857600min 0
optional.connection.max_retriesintegerNoMaximum retries on transient errors5min 0, max 10
optional.connection.page_sizeintegerNoItems per page for Drive API list requests1000min 1, max 1000
optional.connection.timeout_secondsintegerNoSocket timeout for Drive API operations30min 5, max 300
optional.extractionobjectNoControls which structural assets to emit and how Google-native files are handled.no extra properties
optional.extraction.export_google_formatsbooleanNoExport Google-native files (Docs/Sheets/Slides) to Office formats for content extractiontrue
optional.extraction.include_drive_metadatabooleanNoEmit drive-level assets with metadatatrue
optional.scopeobjectNoDrive/folder selection and content filtering.no extra properties
optional.scope.drive_idsarrayNoShared drive IDs to scan (empty = all accessible shared drives)
optional.scope.drive_ids[]stringNo
optional.scope.exclude_file_extensionsarrayNoSkip files with these extensions
optional.scope.exclude_file_extensions[]stringNo
optional.scope.folder_idsarrayNoOnly scan these folder IDs recursively (empty = full drives)
optional.scope.folder_ids[]stringNo
optional.scope.include_file_extensionsarrayNoOnly include files with these extensions (e.g. .pdf, .docx)
optional.scope.include_file_extensions[]stringNo
optional.scope.include_my_drivebooleanNoInclude the authenticated/delegated user's My Drivetrue
optional.scope.include_permissionsbooleanNoInclude file sharing permission metadatafalse
optional.scope.include_shared_drivesbooleanNoInclude shared drivestrue
Extracted Metadata

File

FieldTypeRequiredDescription
size_bytesintegerYesRaw byte size of the content
mime_typestringYesResolved MIME type
parse_errorstringNoSet when content extraction failed
image_widthintegerNoWidth in pixels
image_heightintegerNoHeight in pixels
page_countintegerNoNumber of pages (pdf)
paragraph_countintegerNoNumber of paragraphs (docx)
table_countintegerNoNumber of tables (docx)
row_countintegerNoNumber of data rows
columnsobject[]NoColumns as {name, type} objects (type may be empty for csv/xlsx)
encodingstringNoDetected character encoding
json_root_typestringNoRoot JSON type: object, array, or scalar
top_level_keysintegerNoNumber of top-level keys when the root is an object
array_lengthintegerNoLength when the root is an array
drive_namestringYesShared drive or 'My Drive' display name
item_pathstringYesBest-effort path within the drive (folder names joined by '/')
web_urlstringNoBrowser-accessible URL for the item (webViewLink)
md5_checksumstringNoDrive-reported MD5 checksum of the file content (binary files only)
ownerstringNoDisplay name or email of the file owner
permissionsstring[]NoSharing permissions on the item: list of {role, grantee_type, grantee} entries (requires include_permissions)
google_mime_typestringNoOriginal Drive mimeType for Google-native files (e.g. application/vnd.google-apps.document)
exported_asstringNoExport MIME type used to download a Google-native file, if applicable

Image

FieldTypeRequiredDescription
size_bytesintegerYesRaw byte size of the content
mime_typestringYesResolved MIME type
parse_errorstringNoSet when content extraction failed
source_hashstringYesHash of the parent file asset
locationstringYesLocation of the embedded image within the parent

Drive

FieldTypeRequiredDescription
drive_idstringYesGoogle Drive ID (shared drive ID, or a synthetic ID for My Drive)
drive_namestringYesDrive display name
drive_typestringNoDrive type (my_drive or shared_drive)
Examples
Domain-wide delegation scan of all shared drives
Scan every shared drive using a service account with domain-wide delegation impersonating an admin user

Config Payload

{
  "type": "GOOGLE_WORKSPACE",
  "required": {
    "auth_method": "service_account",
    "delegated_subject": "[email protected]"
  },
  "masked": {
    "service_account_json": "{\"type\": \"service_account\", \"project_id\": \"example-project\", \"private_key_id\": \"...\", \"private_key\": \"-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n\", \"client_email\": \"[email protected]\", \"client_id\": \"1234567890\"}"
  },
  "optional": {
    "scope": {
      "include_my_drive": false,
      "include_shared_drives": true
    },
    "extraction": {
      "include_drive_metadata": true,
      "export_google_formats": true
    }
  },
  "sampling": {
    "strategy": "AUTOMATIC"
  },
  "detectors": [
    {
      "type": "PII",
      "enabled": true
    },
    {
      "type": "SECRETS",
      "enabled": true
    }
  ]
}

Schedule

{
  "enabled": true,
  "preset": "nightly",
  "cron": "20 1 * * *",
  "timezone": "UTC"
}
OAuth refresh-token scan of specific folders
Scan a fixed set of Drive folders using a user-authorized OAuth refresh token, with random sampling

Config Payload

{
  "type": "GOOGLE_WORKSPACE",
  "required": {
    "auth_method": "oauth",
    "client_id": "1234567890-abcdefg.apps.googleusercontent.com"
  },
  "masked": {
    "client_secret": "your-oauth-client-secret",
    "refresh_token": "1//your-refresh-token"
  },
  "optional": {
    "scope": {
      "folder_ids": [
        "1AbCdEfGhIjKlMnOpQrStUvWxYz01234",
        "1ZyXwVuTsRqPoNmLkJiHgFeDcBa98765"
      ],
      "include_my_drive": true,
      "include_shared_drives": false
    }
  },
  "sampling": {
    "strategy": "RANDOM",
    "rows_per_page": 25
  },
  "detectors": [
    {
      "type": "PII",
      "enabled": true
    }
  ]
}

Schedule

{
  "enabled": true,
  "preset": "weekly",
  "cron": "15 3 * * 0",
  "timezone": "UTC"
}
Service account scan of specific drives with permissions
Scan named shared drives with a service account, including sharing permissions and extension filtering

Config Payload

{
  "type": "GOOGLE_WORKSPACE",
  "required": {
    "auth_method": "service_account"
  },
  "masked": {
    "service_account_json": "{\"type\": \"service_account\", \"project_id\": \"example-project\", \"private_key_id\": \"...\", \"private_key\": \"-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n\", \"client_email\": \"[email protected]\", \"client_id\": \"1234567890\"}"
  },
  "optional": {
    "scope": {
      "drive_ids": [
        "0AbCdEfGhIjKlMnOpQrStUvWxYz01234",
        "0ZyXwVuTsRqPoNmLkJiHgFeDcBa98765"
      ],
      "include_my_drive": false,
      "include_permissions": true,
      "include_file_extensions": [
        ".pdf",
        ".docx",
        ".xlsx"
      ]
    },
    "connection": {
      "page_size": 500
    }
  },
  "sampling": {
    "strategy": "ALL"
  },
  "detectors": [
    {
      "type": "PII",
      "enabled": true
    },
    {
      "type": "SECRETS",
      "enabled": true
    }
  ]
}

Schedule

{
  "enabled": true,
  "preset": "weekday_morning",
  "cron": "0 6 * * 1-5",
  "timezone": "UTC"
}