Deploy Syntic Code on Google Cloud
For teams whose development platform runs on Google Cloud, Syntic Code fits naturally onto Compute Engine instances, Cloud Workstations, and Cloud Build or self-hosted runners. As everywhere else, the CLI reaches the Syntic model over the network through api.syntic.ai or your gateway. This page covers running syntic on Google Cloud compute, not hosting the model there.
Where the CLI runs
The most common placements are Cloud Workstations that give each developer a managed environment, Compute Engine VMs backing remote workspaces, and Cloud Build steps or self-hosted runners for automation. Install the pinned syntic binary into your workstation image or VM startup process so instances come up ready. Building the CLI into a golden image keeps launches fast and makes upgrades a deliberate, reviewable change to the image pipeline.
Credentials on Google Cloud
Keep the Syntic credential out of images and startup scripts. Store it in Secret Manager, grant the instance’s service account access to only that secret, and load it at boot:
export SYNTIC_API_KEY="$(gcloud secrets versions access latest \
--secret=syntic-api-key)"Give each workload a dedicated service account with the narrowest role that lets it read its own secret, and use separate credentials for automation so a pipeline cannot act as a developer. Rotate the stored secret on a schedule.
Networking and scale
VMs without external IPs reach the internet through Cloud NAT or your egress proxy, so allow api.syntic.ai, or your gateway host, on those paths. VPC Service Controls and firewall rules should permit exactly that endpoint and nothing broader than necessary. As usage grows, funnel all Syntic Code traffic through an internal LLM gateway to centralize key management, quotas, and logging, and pin the binary version in your image build so every workstation and runner behaves identically.