Goodbye Service Account Keys, Hello Workload Identity Federation - Building Secure Apps with GCP
Рет қаралды 5,996
Жыл бұрынTired of juggling a million service account keys for your cloud-based application? Want to up your security game without sacrificing the joy in your day? Look no further - Workload Identity Federation is here to save the day!
In this video, i cover the following:
- What is workload identity federation (workload identity pools + IAM)?
- How to set it up on GCP
- Live Example: How to use it up with a GitHub actions workflow
Workload identity federation is simply Keyless authentication for service accounts. It solves the problems of storage of access keys, distribution, and rotation using short live dynamically provided tokens to authenticate your third party applications to Google cloud platform.
To learn more, read the docs: cloud.google.com/iam/docs/wor...
Other links:
=========
Github open id connect setup: docs.github.com/en/actions/de...
Google github auth action:
github.com/google-github-acti...
Code samples repo used in this video:
github.com/galonge/udemy-kust...
==========
To learn more about kubernetes configuration management with Kustomize, see here: www.udemy.com/course/kustomiz...
@femiibrahim7645 Ай бұрын
Wow. The most explanatory video I've seen on workflow Identity Federation
@cloudtech273 6 ай бұрын
Excellent demo. Thanks !!
@rashmitrathod6873 Жыл бұрын
Thanks George for the excellent delivery and diagrams in explaining the GCP Workload Identity federation concept with the demo, it really helped in understanding end to end workflow between GitHub and GCP and the usage of WIF.
@galonge Жыл бұрын
You're very welcome! Thanks for watching!
@user-xx8fr6jv5p 11 ай бұрын
Thanks George for the wonderful explanation. I have a query related to service account key rotation how with the help of workload identity federation can this be achieved?
@user-rq2dc2xo4b 4 ай бұрын
great demo. How would you do this for an application running on a local machine. What would be the identity provider in that scenario?
@ashwinireddyaluri2534 Жыл бұрын
Can we create bulk service account keys in diff projects by using groovy script
@leandrojpg 5 ай бұрын
the json download part, if I download it can I use it in the same way I would use a service account?
@pedroandredias375 9 ай бұрын
Hi, where you found the documentation to know this sintax: ""repo:galonge/udemy-kustomize-mastery:red:refs/heads/main"?
@galonge 4 ай бұрын
HI Pedro, you can find more info on the workload identity federation docs here: cloud.google.com/iam/docs/workload-identity-federation-with-deployment-pipelines#mappings-and-conditions
Google Cloud Tech
Рет қаралды 11 М.
John Savill's Technical Training
Рет қаралды 12 М.
Cloud-Concepts
Рет қаралды 309
Cloud Monkey
Рет қаралды 10 М.
Cloud Advocate
Рет қаралды 9 М.
TheCloudBaba
Рет қаралды 401
Cloud Advocate
Рет қаралды 12 М.
Enderestories
Рет қаралды 8 МЛН