Your organization is using GitHub Actions as a continuous integration and delivery (CI/CD) platform. You must enable access to Google Cloud resources from the CI/CD pipelines in the most secure way.
What should you do?
A.
Create a service account key, and add it to the GitHub pipeline configuration file.
B.
Create a service account key, and add it to the GitHub repository content.
C.
Configure a Google Kubernetes Engine cluster that uses Workload Identity to supply credentials to GitHub.
D.
Configure workload identity federation to use GitHub as an identity pool provider.
The most secure way to enable access to Google Cloud resources from CI/CD pipelines using GitHub Actions is:
D. Configure workload identity federation to use GitHub as an identity pool provider.
Workload Identity Federation allows you to configure Google Cloud to trust external identity providers. In this case, GitHub Actions can be set up as an identity pool provider, so you can federate identities between GitHub and Google Cloud. This eliminates the need to create and manage service account keys, which is generally considered less secure and requires more operational overhead like key rotation. With workload identity federation, the process is more secure and streamlined.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Pime13
4 months, 2 weeks agoArizonaClassics
8 months agocyberpunk21
8 months, 1 week agoMithung30
8 months, 3 weeks agopfilourenco
8 months, 4 weeks ago