Google Workspace
Required
Fields required for a valid configuration.
| Path | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| required | object | Yes | — | — | — |
Masked
Sensitive fields under(secrets/credentials).
| Path | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| masked | object | Yes | — | — | — |
Optional
Optional configuration fields.
| Path | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| optional | object | No | — | — | no extra properties |
| optional.connection | object | No | Network and pagination controls for Drive API requests. | — | no extra properties |
| optional.connection.max_object_bytes | integer | No | Skip files larger than this many bytes (default 100 MB) | 104857600 | min 0 |
| optional.connection.max_retries | integer | No | Maximum retries on transient errors | 5 | min 0, max 10 |
| optional.connection.page_size | integer | No | Items per page for Drive API list requests | 1000 | min 1, max 1000 |
| optional.connection.timeout_seconds | integer | No | Socket timeout for Drive API operations | 30 | min 5, max 300 |
| optional.extraction | object | No | Controls which structural assets to emit and how Google-native files are handled. | — | no extra properties |
| optional.extraction.export_google_formats | boolean | No | Export Google-native files (Docs/Sheets/Slides) to Office formats for content extraction | true | — |
| optional.extraction.include_drive_metadata | boolean | No | Emit drive-level assets with metadata | true | — |
| optional.scope | object | No | Drive/folder selection and content filtering. | — | no extra properties |
| optional.scope.drive_ids | array | No | Shared drive IDs to scan (empty = all accessible shared drives) | — | — |
| optional.scope.drive_ids[] | string | No | — | — | — |
| optional.scope.exclude_file_extensions | array | No | Skip files with these extensions | — | — |
| optional.scope.exclude_file_extensions[] | string | No | — | — | — |
| optional.scope.folder_ids | array | No | Only scan these folder IDs recursively (empty = full drives) | — | — |
| optional.scope.folder_ids[] | string | No | — | — | — |
| optional.scope.include_file_extensions | array | No | Only include files with these extensions (e.g. .pdf, .docx) | — | — |
| optional.scope.include_file_extensions[] | string | No | — | — | — |
| optional.scope.include_my_drive | boolean | No | Include the authenticated/delegated user's My Drive | true | — |
| optional.scope.include_permissions | boolean | No | Include file sharing permission metadata | false | — |
| optional.scope.include_shared_drives | boolean | No | Include shared drives | true | — |
Extracted Metadata
File
| Field | Type | Required | Description |
|---|---|---|---|
| size_bytes | integer | Yes | Raw byte size of the content |
| mime_type | string | Yes | Resolved MIME type |
| parse_error | string | No | Set when content extraction failed |
| image_width | integer | No | Width in pixels |
| image_height | integer | No | Height in pixels |
| page_count | integer | No | Number of pages (pdf) |
| paragraph_count | integer | No | Number of paragraphs (docx) |
| table_count | integer | No | Number of tables (docx) |
| row_count | integer | No | Number of data rows |
| columns | object[] | No | Columns as {name, type} objects (type may be empty for csv/xlsx) |
| encoding | string | No | Detected character encoding |
| json_root_type | string | No | Root JSON type: object, array, or scalar |
| top_level_keys | integer | No | Number of top-level keys when the root is an object |
| array_length | integer | No | Length when the root is an array |
| drive_name | string | Yes | Shared drive or 'My Drive' display name |
| item_path | string | Yes | Best-effort path within the drive (folder names joined by '/') |
| web_url | string | No | Browser-accessible URL for the item (webViewLink) |
| md5_checksum | string | No | Drive-reported MD5 checksum of the file content (binary files only) |
| owner | string | No | Display name or email of the file owner |
| permissions | string[] | No | Sharing permissions on the item: list of {role, grantee_type, grantee} entries (requires include_permissions) |
| google_mime_type | string | No | Original Drive mimeType for Google-native files (e.g. application/vnd.google-apps.document) |
| exported_as | string | No | Export MIME type used to download a Google-native file, if applicable |
Image
| Field | Type | Required | Description |
|---|---|---|---|
| size_bytes | integer | Yes | Raw byte size of the content |
| mime_type | string | Yes | Resolved MIME type |
| parse_error | string | No | Set when content extraction failed |
| source_hash | string | Yes | Hash of the parent file asset |
| location | string | Yes | Location of the embedded image within the parent |
Drive
| Field | Type | Required | Description |
|---|---|---|---|
| drive_id | string | Yes | Google Drive ID (shared drive ID, or a synthetic ID for My Drive) |
| drive_name | string | Yes | Drive display name |
| drive_type | string | No | Drive type (my_drive or shared_drive) |
Examples
Domain-wide delegation scan of all shared drives
Scan every shared drive using a service account with domain-wide delegation impersonating an admin user
Config Payload
{
"type": "GOOGLE_WORKSPACE",
"required": {
"auth_method": "service_account",
"delegated_subject": "[email protected]"
},
"masked": {
"service_account_json": "{\"type\": \"service_account\", \"project_id\": \"example-project\", \"private_key_id\": \"...\", \"private_key\": \"-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n\", \"client_email\": \"[email protected]\", \"client_id\": \"1234567890\"}"
},
"optional": {
"scope": {
"include_my_drive": false,
"include_shared_drives": true
},
"extraction": {
"include_drive_metadata": true,
"export_google_formats": true
}
},
"sampling": {
"strategy": "AUTOMATIC"
},
"detectors": [
{
"type": "PII",
"enabled": true
},
{
"type": "SECRETS",
"enabled": true
}
]
}Schedule
{
"enabled": true,
"preset": "nightly",
"cron": "20 1 * * *",
"timezone": "UTC"
}OAuth refresh-token scan of specific folders
Scan a fixed set of Drive folders using a user-authorized OAuth refresh token, with random sampling
Config Payload
{
"type": "GOOGLE_WORKSPACE",
"required": {
"auth_method": "oauth",
"client_id": "1234567890-abcdefg.apps.googleusercontent.com"
},
"masked": {
"client_secret": "your-oauth-client-secret",
"refresh_token": "1//your-refresh-token"
},
"optional": {
"scope": {
"folder_ids": [
"1AbCdEfGhIjKlMnOpQrStUvWxYz01234",
"1ZyXwVuTsRqPoNmLkJiHgFeDcBa98765"
],
"include_my_drive": true,
"include_shared_drives": false
}
},
"sampling": {
"strategy": "RANDOM",
"rows_per_page": 25
},
"detectors": [
{
"type": "PII",
"enabled": true
}
]
}Schedule
{
"enabled": true,
"preset": "weekly",
"cron": "15 3 * * 0",
"timezone": "UTC"
}Service account scan of specific drives with permissions
Scan named shared drives with a service account, including sharing permissions and extension filtering
Config Payload
{
"type": "GOOGLE_WORKSPACE",
"required": {
"auth_method": "service_account"
},
"masked": {
"service_account_json": "{\"type\": \"service_account\", \"project_id\": \"example-project\", \"private_key_id\": \"...\", \"private_key\": \"-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n\", \"client_email\": \"[email protected]\", \"client_id\": \"1234567890\"}"
},
"optional": {
"scope": {
"drive_ids": [
"0AbCdEfGhIjKlMnOpQrStUvWxYz01234",
"0ZyXwVuTsRqPoNmLkJiHgFeDcBa98765"
],
"include_my_drive": false,
"include_permissions": true,
"include_file_extensions": [
".pdf",
".docx",
".xlsx"
]
},
"connection": {
"page_size": 500
}
},
"sampling": {
"strategy": "ALL"
},
"detectors": [
{
"type": "PII",
"enabled": true
},
{
"type": "SECRETS",
"enabled": true
}
]
}Schedule
{
"enabled": true,
"preset": "weekday_morning",
"cron": "0 6 * * 1-5",
"timezone": "UTC"
}