diff --git a/ci-operator/step-registry/telcov10n/functional/dast/tests/telcov10n-functional-dast-tests-commands.sh b/ci-operator/step-registry/telcov10n/functional/dast/tests/telcov10n-functional-dast-tests-commands.sh
index 49e450cbb0075..82f0897e2b938 100644
--- a/ci-operator/step-registry/telcov10n/functional/dast/tests/telcov10n-functional-dast-tests-commands.sh
+++ b/ci-operator/step-registry/telcov10n/functional/dast/tests/telcov10n-functional-dast-tests-commands.sh
@@ -5,12 +5,24 @@ set -o pipefail
 export KUBECONFIG="${SHARED_DIR}/kubeconfig"
 unset NAMESPACE
 
+GCS_KEY_NAME="rapidast-sa-telco_key.json"
+GCS_KEY_ON_STEP="/var/run/telco-dast/rapidast-gcs/${GCS_KEY_NAME}"
+GCS_KEY_ON_POD="/var/run/secrets/gcs/${GCS_KEY_NAME}"
+
 # Setup
 oc new-project dast
 oc create serviceaccount rapidast -n dast
 oc adm policy add-cluster-role-to-user cluster-admin -z rapidast -n dast
 oc adm policy add-scc-to-user anyuid -z rapidast -n dast
 
+# Copy key from this step → Secret on the test cluster so RapidAST pods can mount it
+if [[ ! -r "${GCS_KEY_ON_STEP}" ]]; then
+  echo "ERROR: GCS key not found at ${GCS_KEY_ON_STEP} (check Vault sync)"
+  exit 1
+fi
+
+oc create secret generic rapidast-gcs-credentials --from-file="${GCS_KEY_NAME}=${GCS_KEY_ON_STEP}" -n dast
+
 OVERALL_RC=0
 
 while read -r OPERATOR_NAME OPERATOR_API_PATH; do
@@ -28,6 +40,10 @@ data:
   rapidast-config.yaml: |
     config:
       configVersion: 6
+      googleCloudStorage:
+        keyFile: "${GCS_KEY_ON_POD}"
+        bucketName: secaut-bucket
+        directory: "telco"
     application:
       shortName: "${OPERATOR_NAME}"
       url: "https://kubernetes.default.svc:443"
@@ -67,6 +83,9 @@ spec:
     - name: config
       configMap:
         name: rapidast-config-${OPERATOR_NAME}
+    - name: gcs-sa
+      secret:
+        secretName: rapidast-gcs-credentials
   containers:
     - name: rapidast
       image: quay.io/redhatproductsecurity/rapidast:latest
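Review bot: The `oc create secret generic rapidast-gcs-credentials` line copies a long-lived GCS service-account key into the `dast` namespace, where the `rapidast` service account is also granted cluster-admin and anyuid, and nothing in the hunk removes that Secret once the scans are done. If the test cluster is torn down right after this step the exposure window is short, but that is not visible here, so I would register cleanup next to the creation: `trap 'oc delete secret rapidast-gcs-credentials -n dast --ignore-not-found' EXIT`. The new `[[ ! -r ... ]]` guard with the "check Vault sync" hint is a good addition; consider also mentioning in its comment that `GCS_KEY_NAME` must match the key name inside the mounted Vault secret, since that is the only place the contract is enforced.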
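Review bot: In the new `googleCloudStorage` stanza the key path is parameterized through `${GCS_KEY_ON_POD}` but `bucketName: secaut-bucket` and `directory: "telco"` are hard-coded into the rendered ConfigMap, so pointing a different lane or a staging bucket at this step means editing the script. Since the heredoc already expands shell variables (the surrounding `${OPERATOR_NAME}` relies on it), the bucket can be lifted to a step env var with the current value as default, e.g. `bucketName: "${GCS_BUCKET}"`, declared in the ref's `env:` as `GCS_BUCKET` defaulting to `secaut-bucket`. A short comment above the stanza stating that scan results for every operator are uploaded under `telco/` in that bucket would also help whoever rotates the key or the bucket ACL. The ConfigMap heredoc begins before this hunk.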
@@ -74,12 +93,16 @@ spec:
       args:
         - |
           export BEARER_TOKEN="Bearer \$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
+          sleep 3000
           rapidast.py --config /opt/rapidast/config/rapidast-config.yaml
           touch /tmp/.done
           sleep 300
       volumeMounts:
         - name: config
           mountPath: /opt/rapidast/config
+        - name: gcs-sa
+          mountPath: /var/run/secrets/gcs
+          readOnly: true
 EOF
 
 # Wait for pod to be running
diff --git a/ci-operator/step-registry/telcov10n/functional/dast/tests/telcov10n-functional-dast-tests-ref.yaml b/ci-operator/step-registry/telcov10n/functional/dast/tests/telcov10n-functional-dast-tests-ref.yaml
index a9f36f0ba6987..175577beecd9b 100644
--- a/ci-operator/step-registry/telcov10n/functional/dast/tests/telcov10n-functional-dast-tests-ref.yaml
+++ b/ci-operator/step-registry/telcov10n/functional/dast/tests/telcov10n-functional-dast-tests-ref.yaml
@@ -3,6 +3,10 @@ ref:
   from: cli
   commands: telcov10n-functional-dast-tests-commands.sh
   timeout: 4h
+  credentials:
+  - namespace: test-credentials
+    name: telco-dast-rapidast-gcs
+    mount_path: /var/run/telco-dast/rapidast-gcs
   env:
   - name: OPERATORS_DAST
     default: |
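Review bot: The added `sleep 3000` before `rapidast.py` looks like a debugging pause that was left in: it holds the pod idle for fifty minutes per operator inside the `while read` loop, against a 4h step timeout, while the mounted GCS key and the cluster-admin token sit unused in the container. It is unrelated to the GCS change the rest of the hunk makes, so I would drop the line, or if a pause is needed for interactive debugging, gate it on an env var that defaults to empty rather than shipping a fixed delay. The `readOnly: true` on the `gcs-sa` mount is the right choice for a credential volume. The container `args` heredoc and the enclosing loop both start outside this hunk.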
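Review bot: The new `credentials` entry establishes a contract that is not written down anywhere in this file: the commands script expects exactly one key named `rapidast-sa-telco_key.json` under `mount_path`, and a rename of that key in Vault would surface only as a runtime "GCS key not found" failure. I would add a comment on the entry, `# secret must contain the key rapidast-sa-telco_key.json (GCS_KEY_NAME in the commands script)`, so the Vault secret and the script can be kept in sync without reading both. Mentioning in the step's documentation that this key is copied into the test cluster as a Secret would also make the credential's blast radius explicit to anyone reusing the ref.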