Docs Standalone Kubernetes Tutorials Standalone Kubernetes Models Blog Enterprise Community Get Started GitHub

Google Model Armor

Google Cloud Model Armor lets you create safety templates in the Google Cloud console and apply them to LLM traffic. Model Armor sanitizes both user prompts and model responses against your configured policies, blocking content that violates your templates.

Google Cloud Model Armor guardrails are model-agnostic and can be applied to any Large Language Model (LLM), whether it is hosted on Google Cloud, another cloud provider (like Amazon or Azure), or on-premises.

Before you begin

  1. Install the agentgateway binary.

  2. Log in to Google Cloud console with Application Default Credentials.

    gcloud auth application-default login

  3. Create a Model Armor template in the Google Cloud console. For more information, see the Google Cloud documentation.

  4. Note the template ID, project ID, and the region where the template is deployed. Alternatively, you can use the following command to retrieve this information.

    gcloud model-armor templates list --location=<location>

Configure Google Model Armor

Configure the guardrails field under llm.models[] in your agentgateway configuration. You can apply Model Armor to the request phase, the response phase, or both.

cat <<'EOF' > config.yaml
# yaml-language-server: $schema=https://agentgateway.dev/schema/config
llm:
  models:
  - name: "*"
    provider: openAI
    params:
      model: gemini-1.5-flash
      apiKey: "$GOOGLE_API_KEY"
    guardrails:
      request:
      - googleModelArmor:
          templateId: <your-template-id>
          projectId: <your-project-id>
          location: <location>
          policies:
            backendAuth:
              gcp: {}
      response:
      - googleModelArmor:
          templateId: <your-template-id>
          projectId: <your-project-id>
          location: <location>
          policies:
            backendAuth:
              gcp: {}
EOF
SettingDescription
templateIdThe identifier of the Model Armor template to apply. Find this in the Google Cloud console under Security > Model Armor.
projectIdThe Google Cloud project ID where the Model Armor template is configured.
locationThe region where the Model Armor template is deployed. Defaults to us-central1.
policies.backendAuth.gcpGCP authentication configuration. Agentgateway uses the credentials available in the environment, such as Application Default Credentials.

Test the guardrail 

curl "localhost:4000/v1beta/openai/chat/completions" -H content-type:application/json  -d '{
  "model": "",
  "messages": [
   {"role": "user", "content": "I want to harm myself"}
 ]
}'

Example output:

The request was rejected due to inappropriate content%
AWS Bedrock GuardrailsCustom webhooks
Agentgateway assistant

Ask me anything about agentgateway configuration, features, or usage.

Note: AI-generated content might contain errors; please verify and test all returned information.

Tip: one topic per conversation gives the best results. Use the + button in the chat header to start a new conversation.

Switching topics? Starting a new conversation improves accuracy.
↑↓ navigate select esc dismiss

What could be improved?

Your feedback helps us improve assistant answers and identify docs gaps we should fix.

Need more help? Join us on Discord: https://discord.gg/y9efgEmppm

Want to use your own agent? Add the Solo MCP server to query our docs directly. Get started here: https://search.solo.io/.