Replacing Static GCP Credentials in CI/CD with Workload Identity Federation

Part 1 of 2 — Concepts and Architecture

If your GitHub Actions workflows authenticate to GCP using a stored secret — a service account key JSON, a FIREBASE_TOKEN, or any other long-lived credential — you have a static credential problem. It doesn’t matter what format the credential is in. The issue is that it exists at rest, in GitHub, and was generated by a person who may no longer work there. ...

April 15, 2026 · 8 min · Kesten Broughton