Static service account keys in CI/CD are not a convenience anymore. They are a liability.

In Google Cloud, the stronger path is clear: replace long-lived JSON keys in GitHub Actions, GitLab, and Terraform with Workload Identity Federation, short-lived tokens, and tightly scoped impersonation. Fewer secrets, smaller blast radius, better control.

https://medium.com/@aleksei.aleinikov.gr/how-to-remove-service-account-keys-from-github-actions-gitlab-and-terraform-in-google-cloud-in-a88cea0ed304

Static service account keys in CI/CD are not a convenience anymore. They are a liability.

Tags

Author

Stats

Published

You Might Also Like

Run Your Harper AI Agent on Google Cloud Vertex AI — 3 Files Changed

The GKE Upgrade That Took Down Our Production Pods for 45 Minutes

10 AWS Cost Optimization Strategies That Actually Work in 2026

🔐 IAM en AWS vs IAM en GCP: Diferencias que pueden romper tu arquitectura.

Why Companies Actually Use Multi-Cloud (And When You Shouldn't) — 2026 Strategy Guide

I compared 3,000+ cloud VMs so you don't have to — here's what actually surprised me