https://gerardsamuel.me/tags/authentication/Recent content in Authentication on Gerard SamuelHugo -- gohugo.ioenMon, 25 Nov 2024 13:20:59 -0500https://gerardsamuel.me/posts/how-to-configure-google-cloud-workload-identities-with-gitlab/Mon, 25 Nov 2024 13:20:59 -0500https://gerardsamuel.me/posts/how-to-configure-google-cloud-workload-identities-with-gitlab/<p>Using JSON keys to authenticate with Google Cloud is highly frowned upon. Unless you have no other <a href="https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys" target="_blank" rel="noreferrer">option</a>, Google Cloud provides a more secure means of authenticating externally executed code. My use case is for authentication in GitLab pipelines so that I can automate tasks. Think Terraform jobs or updating the files for a website stored in a Google Cloud storage bucket. I will use Google Cloud&rsquo;s Workload Identity Federation solution and the OIDC (Open ID Connect) <a href="https://openid.net/developers/how-connect-works/" target="_blank" rel="noreferrer">protocol</a> in this solution.</p>