Set up Google Cloud voices for Lirivo

Choose a route

What Lirivo needs

At the end of setup, Lirivo needs a service-account JSON file. Think of it as a key for one app-specific Google identity. It lets Lirivo call Google Cloud directly from your iPhone without using a Lirivo-operated backend.

For generated audio, Lirivo also needs one of these storage arrangements:

Leave output bucket blank

Lirivo derives and creates a managed bucket for the current Google project. This is easiest, but the service account needs broader Cloud Storage permissions, such as roles/storage.admin.

Enter an exact bucket name

You create the bucket yourself, grant object access to the service account, and enter the same bucket name in Lirivo. The bucket can have any valid globally unique name. Do not include gs://.

If Lirivo's managed-bucket naming changes in a future app version, the explicit bucket-name path still works because the contract is the same: the bucket exists, the service account can manage objects in it, and the exact bucket name is saved in Lirivo.

Before you start

• A Google account that can access Google Cloud Console.
• A Google Cloud project with billing enabled.
• Permission to enable APIs, create service accounts, create service-account keys, and grant IAM roles.
• About 10 to 20 minutes with Cloud Shell if your Google Cloud account is already ready.

Cloud providers are optional. Lirivo does not sell Google Cloud credits; Google usage, quotas, billing, free-tier eligibility, and API availability belong to your Google Cloud account.

CLI setup with your own bucket

Use this route when you want narrower storage permissions. The script creates a dedicated bucket, gives the service account object access only on that bucket, and prints the bucket name to enter in Lirivo.

PROJECT_ID="your-google-cloud-project-id"
SERVICE_ACCOUNT_ID="lirivo-tts"
SERVICE_ACCOUNT_EMAIL="$SERVICE_ACCOUNT_ID@$PROJECT_ID.iam.gserviceaccount.com"
BUCKET_NAME="lirivo-tts-audio-$PROJECT_ID"
BUCKET_LOCATION="US"
KEY_FILE="$HOME/lirivo-google-service-account.json"

gcloud config set project "$PROJECT_ID"

gcloud services enable \
  texttospeech.googleapis.com \
  storage.googleapis.com

gcloud iam service-accounts create "$SERVICE_ACCOUNT_ID" \
  --display-name="Lirivo Text-to-Speech"

gcloud storage buckets create "gs://$BUCKET_NAME" \
  --project="$PROJECT_ID" \
  --location="$BUCKET_LOCATION" \
  --uniform-bucket-level-access

gcloud storage buckets add-iam-policy-binding "gs://$BUCKET_NAME" \
  --member="serviceAccount:$SERVICE_ACCOUNT_EMAIL" \
  --role="roles/storage.objectUser"

gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member="serviceAccount:$SERVICE_ACCOUNT_EMAIL" \
  --role="roles/texttospeech.editor"

gcloud iam service-accounts keys create "$KEY_FILE" \
  --iam-account="$SERVICE_ACCOUNT_EMAIL"

echo "Import this JSON file into Lirivo:"
echo "$KEY_FILE"
echo "Enter this exact Google Output Bucket name in Lirivo:"
echo "$BUCKET_NAME"

The bucket name can be anything valid and globally unique. If you change BUCKET_NAME, enter the changed name exactly in Lirivo. Use only the bucket name, not gs:// and not a URL.

Optional Gemini TTS add-on for CLI

Run this only if you want the service account to be ready for Gemini TTS voices. Ordinary Google voices do not need this permission.

gcloud services enable aiplatform.googleapis.com

gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member="serviceAccount:$SERVICE_ACCOUNT_EMAIL" \
  --role="roles/aiplatform.user"

Gemini TTS is most useful when you want to tell the voice how to read: try calmer delivery for dense notes, clearer pronunciation for technical terms, or translating first and listening to the translation. In Lirivo, Gemini voices are for direct playback experiments, not generated long-audio jobs. Google's current Cloud Text-to-Speech pricing page lists Gemini TTS free usage as not available, so check pricing before using it heavily.

Manual Console setup

Use this section if you prefer clicking through Google Cloud Console, or if an administrator needs to review each grant.

1. Step 1

   Choose the project and enable APIs

   Open Google Cloud Console, select the project, confirm billing is enabled, then enable Cloud Text-to-Speech API and Cloud Storage API.

2. Step 2

   Create the service account

   Open IAM & Admin, Service Accounts, then create a dedicated service account such as lirivo-tts. Do not give it Owner or Editor.

3. Step 3A

   Simpler storage: grant Storage Admin

   If you want Lirivo to create the bucket, grant the service account Storage Admin on the project. In Lirivo, leave the Google output bucket field blank.

4. Step 3B

   Tighter storage: create a bucket yourself

   If you want narrower storage permissions, create one Cloud Storage bucket for Lirivo, open that bucket's Permissions, and grant the service account Storage Object User. In Lirivo, enter that exact bucket name.

5. Step 4

   Grant long-audio access

   For generated long audio, grant the current Google Text-to-Speech Editor role if it is visible in your project. Google's access-control page says Text-to-Speech IAM roles apply to the Long Audio Synthesis API, not the original synchronous synthesis API.

6. Step 5

   Create the JSON key

   Open the service account, go to Keys, choose Add key, Create new key, select JSON, and create the key. Google downloads the file once. Keep it private.

7. Step 6

   Enter the values in Lirivo

   Import or paste the service-account JSON in Lirivo. If you created the bucket yourself, also save the exact bucket name. If you granted Storage Admin for the managed-bucket path, leave the output bucket field blank.

The Google pieces in plain language

Google Cloud project

Workspace and billing container. Lirivo's Google usage, APIs, quotas, and billing are attached to this project.

Service account

App-specific identity. Lirivo uses it to call Google Cloud without your personal Google password.

Service-account JSON

Private key file for the service account. Anyone with the file can use the permissions you granted, so treat it like a password.

Storage Admin

Broader role that lets Lirivo create and manage its Cloud Storage bucket. Easiest for a dedicated Lirivo project, but broader than bucket-level object access.

Storage Object User

Narrower bucket-level role. Good when you create the bucket yourself and enter that bucket name in Lirivo.

Text-to-Speech Editor

Google's long-audio Text-to-Speech role. Ordinary short synthesis uses Cloud Text-to-Speech API access; long-audio jobs may need this role.

Secondary API-key path

An API key is a lighter Google setup path for people who specifically want it. It is not the recommended full setup, and it does not unlock long-audio generation, managed buckets, service-account IAM, or the full Google feature set.

1. In Google Cloud Console, select your project and enable Cloud Text-to-Speech API.
2. Open APIs & Services, Credentials, then choose Create credentials and API key.
3. Restrict the key where practical. At minimum, restrict API usage to Cloud Text-to-Speech API.
4. In Lirivo, save the key in the Google Cloud API Key section.

This path has lighter support from Lirivo than the service-account path and may change in a future version.

Troubleshooting

Official references

• Cloud Text-to-Speech documentation
• Cloud Text-to-Speech pricing
• Cloud Text-to-Speech IAM access control
• Gemini TTS for Cloud Text-to-Speech
• Create service accounts
• Create and delete service-account keys
• Create Cloud Storage buckets
• Cloud Storage IAM roles
• Google Cloud CLI documentation