See the supported connectors for Application Integration.

Manage regions

Application Integration is regional, which means the infrastructure that runs your integrations is located in a specific region, and Google manages it so that it is available redundantly across all of the zones within that region. Apart from selecting the initial provisioning region for Application Integration during the setup process, you can also enable or provision new regions to create and manage your integrations within the same Google Cloud project.

This page describes the steps needed to successfully provision a new Application Integration region and edit an exiting region in your Google Cloud project.

Provision new region

To provision a new region for Application Integration in your Google Cloud project, perform the following steps:

In the Google Cloud console, go to the Application Integration page.
Go to Application Integration
In the navigation menu, click Regions
The Regions page appears listing all the regions provisioned in your project.
Click Provision new region.
Configure the following fields in the Provision new region page:
1. Region: Select the new regional location that you want to provision.
  For information about the supported Application Integration regions, see Application Integration locations.
2. Advanced settings: Optionally, expand and select the encryption method that you want to use in the selected region. You can choose one of the following methods:
  - Google-managed encryption key: This is the default encryption method. Use this method if you want Google to manage the encryption keys that protect your data in the selected region.
  - Customer-managed encryption key (CMEK): Use this method if you want to control and manage the encryption keys that protect your data in the selected region.
    Caution: Enabling CMEK encryption for an Application Integration region cannot be undone. This also means that you can't change/switch the encryption method for a region once CMEK is enabled.
    1. Click Select a customer-managed key and choose an existing CMEK key available in the selected region. You can also create a new key or use the Key resource ID of your existing key.
    2. Click Verify to check if your default service account has cryptokey access to the selected CMEK key.
    3. If the verification for the selected CMEK key fails, click Grant to assign the CryptoKey Encrypter/Decrypter IAM role to the default service account.
      Tip: Granting cryptokey access is an optional step, which means that you can directly click Done to complete the Application Integration setup process. However, if you did not grant cryptokey access, authentication profiles for Application Integration will not be configured, and you'll have to manually grant this access when creating a new authentication profile.
    For more information about CMEK, see Customer-managed encryption keys.
Click Done.

Edit region

You can edit an existing region to enable or disable integration governance, and to update the data encryption method for the region.

To edit an existing region in Application Integration, perform the following steps:

In the Google Cloud console, go to the Application Integration page.
Go to Application Integration
In the navigation menu, click Regions.
The Regions page appears, listing the provisioned regions in Application Integration.
For the existing region that you want to edit, in the Actions column, click Region actions and select Edit.
The Edit region pane appears.
Expand Advanced settings.
To enable or disable integration governance for the selected region, click the Enable governance toggle.
Note:
- Enabling governance makes service account authentication mandatory for the region. Once governance is enabled, you must manually add a service account to all the new integrations and integration versions created in this region. You can change or update the service account details of an integration any time from the Integration settings pane in the integration toolbar.
  If governance is enabled, you can only publish or test an integration when a service account attached to it.
- If you are disabling governance for the selected region, then all the existing published integrations will continue to use their respective attached service accounts until a new version of the integrations are created.
To enable masking for variables, in the Variable Masking section, click the Enable Variable Masking in logs toggle. This feature is in preview.
For information about masking, see Mask sensitive data in logs.
To enable CMEK encryption for selected region, select Customer-managed encryption key (CMEK), and do the following:
1. Select a CMEK key from the available drop-down list. The CMEK keys listed in the drop-down are based on the provisioned region. To create a new key, see Create new CMEK key.
2. Click Verify to check if your default service account has cryptokey access to the selected CMEK key.
3. If the verification for the selected CMEK key fails, click Grant to assign the CryptoKey Encrypter/Decrypter IAM role to the default service account.
Click Done to complete editing the region.