What is the recommended use of a service account key to access GCP Storage from another CSP?

  • Sequence flow on how a service account is used to access a GCP bucket from another cloud
  • How to secure the private key (secret management)
  • How to rotate the key on expiration with automation

Is Service Account Key = Private Key = Key from RSA Key Pair?

Note: I do not want to use an external IdP.


Hello @avindia, welcome to the Google Cloud Community.

You should not use service keys for that. You should use Workload Identity Federation. Service keys are good for testing and if you have a proper key rotation policy in place. But for production load, use Workload Identity Federation. More info here: https://cloud.google.com/iam/docs/workload-identity-federation

–
cheers,
DamianS


Thanks. It seems Workload Identity Federation is not used by my client org due to complexity with the IdP. Hence I would like to see automation options for key rotation and to save the private key using some secrets management. I am also exploring whether "short-lived credentials" can be used instead, or whether service account impersonation makes more sense.
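The rotation and secret-storage procedure asked about in the original question and again in the follow-up above, as an added example that is not from this thread, from Google, or from any Google library. It runs offline against constructed in-memory stand-ins for the two APIs the real job would call: the IAM `projects.serviceAccounts.keys` create/list/disable/delete methods and Secret Manager's add-secret-version. The service account e-mail, project id, key ids, the 90-day maximum age and the 7-day grace period are all assumed values. Two points it makes concrete: user-managed keys do not expire on their own (their validity runs to year 9999 unless an org policy sets an expiry), so "rotate on expiration" in practice means "rotate on age"; and the downloaded "service account key" is a JSON envelope whose `private_key` field holds the RSA private key in PEM, with `private_key_id` naming it and Google keeping only the public half. The safe ordering is the point of `rotate()`: create and publish the replacement first, disable old keys (reversible) before deleting them, and delete only after a grace period.

```python
"""Service account key rotation with Secret Manager hand-off (added example, not Google's code).
Stand-ins below mirror the shape of the real IAM / Secret Manager responses; values are constructed."""
from __future__ import annotations

import base64
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Policy values (assumed for the example; take yours from the org's rotation policy).
MAX_KEY_AGE = timedelta(days=90)   # enabled keys older than this are disabled on the next run
GRACE_PERIOD = timedelta(days=7)   # disabled keys are deleted once older than MAX_KEY_AGE + GRACE_PERIOD

SA_EMAIL = "rotation-demo@example-project.iam.gserviceaccount.com"  # constructed


@dataclass
class Key:
    """Subset of the fields an IAM keys.list response carries for a user-managed key."""
    name: str               # projects/-/serviceAccounts/<email>/keys/<key_id>
    valid_after: datetime   # validAfterTime
    disabled: bool = False  # disabled


class FakeIamKeys:
    """Constructed in-memory stand-in for IAM keys.list / keys.create / keys.disable / keys.delete."""

    def __init__(self, now: datetime):
        self.now = now
        self.keys: dict[str, Key] = {}

    def _name(self, key_id: str) -> str:
        return f"projects/-/serviceAccounts/{SA_EMAIL}/keys/{key_id}"

    def seed(self, key_id: str, age_days: int, disabled: bool = False) -> None:
        """Fixture only: pretend a key was created age_days ago."""
        self.keys[key_id] = Key(self._name(key_id), self.now - timedelta(days=age_days), disabled)

    def list(self) -> list[Key]:
        return list(self.keys.values())

    def create(self, key_id: str) -> tuple[Key, bytes]:
        """Like keys.create: returns the key resource plus base64 privateKeyData (the JSON key file).
        A real response carries an RSA private key in PEM; here the PEM body is a placeholder."""
        key = Key(self._name(key_id), self.now)
        self.keys[key_id] = key
        key_file = {  # same field names as a downloaded service account key JSON
            "type": "service_account",
            "project_id": "example-project",
            "private_key_id": key_id,
            "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER-NOT-A-REAL-KEY\n-----END PRIVATE KEY-----\n",
            "client_email": SA_EMAIL,
        }
        return key, base64.b64encode(json.dumps(key_file).encode())

    def disable(self, key_id: str) -> None:
        self.keys[key_id].disabled = True

    def delete(self, key_id: str) -> None:
        del self.keys[key_id]


class FakeSecretStore:
    """Constructed stand-in for Secret Manager: add a version, read the latest one."""

    def __init__(self):
        self.versions: list[bytes] = []

    def add_version(self, data: bytes) -> int:
        self.versions.append(data)
        return len(self.versions)  # version number, as Secret Manager would assign

    def latest(self) -> bytes:
        return self.versions[-1]


def key_id_of(key: Key) -> str:
    return key.name.rsplit("/", 1)[1]


def rotate(iam: FakeIamKeys, secrets: FakeSecretStore, now: datetime, new_key_id: str) -> dict:
    """One rotation run. Create and publish the replacement first, then age out the rest:
    disable (reversible) once past MAX_KEY_AGE, delete only once past MAX_KEY_AGE + GRACE_PERIOD."""
    report = {"created": None, "disabled": [], "deleted": []}

    # 1. The new private key goes straight from the create response into the secret store;
    #    it is never written to disk or logged by the rotation job.
    new_key, private_key_data = iam.create(new_key_id)
    version = secrets.add_version(private_key_data)
    report["created"] = (key_id_of(new_key), version)

    # 2. Consumers read the latest secret version, so they pick up the new key before the old
    #    one is disabled on a later run; anything still using a disabled key fails loudly.
    for key in iam.list():
        if key.name == new_key.name:
            continue
        age = now - key.valid_after
        kid = key_id_of(key)
        if key.disabled and age > MAX_KEY_AGE + GRACE_PERIOD:
            iam.delete(kid)
            report["deleted"].append(kid)
        elif not key.disabled and age > MAX_KEY_AGE:
            iam.disable(kid)
            report["disabled"].append(kid)
    return report


def describe_key_file(private_key_data: bytes) -> dict:
    """What a consumer pulls from the secret store: a JSON envelope whose private_key field is the PEM."""
    doc = json.loads(base64.b64decode(private_key_data))
    return {
        "private_key_id": doc["private_key_id"],
        "client_email": doc["client_email"],
        "carries_private_key": doc["private_key"].startswith("-----BEGIN PRIVATE KEY-----"),
    }


def demo(now: datetime = datetime(2024, 1, 1, tzinfo=timezone.utc)):
    """Constructed scenario: one overdue key, one disabled key past grace, one fresh key."""
    iam = FakeIamKeys(now)
    iam.seed("key01", age_days=120)                 # overdue and still enabled -> disabled
    iam.seed("key02", age_days=100, disabled=True)  # disabled on an earlier run, past grace -> deleted
    iam.seed("key03", age_days=30)                  # fresh -> untouched
    secrets = FakeSecretStore()
    report = rotate(iam, secrets, now, new_key_id="key04")
    return report, describe_key_file(secrets.latest()), sorted(iam.keys)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, default=str))
```

Swapping the stand-ins for the real clients changes only the two classes: `create` maps to `keys.create` (read `privateKeyData` from the response), `add_version` to Secret Manager's add-secret-version on a secret the consumer has `secretAccessor` on, and the consumer side decodes `latest` exactly as `describe_key_file` does. Run it on a schedule shorter than `GRACE_PERIOD` so that a disabled key is deleted on a later run rather than the same one that disabled it.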