No More Secrets: Secure GCP Auth from GitHub Actions using Workload Identity Federation
In the world of CI/CD, one thing we are all tired of is managing long-lived service account keys. They are hard to rotate, risky to store, and can lead to serious breaches if leaked! In this post, I will show how to set up GitHub Actions + Google Cloud Workload Identity Federation (WIF) to enable secure, short-lived authentication, with no secrets stored anywhere.

The Problem with Static Secrets

It is still common to authenticate from GitHub Actions to GCP using service account keys stored as GitHub secrets: ...