Uploaded image for project: 'Bitbucket Cloud'
  1. Bitbucket Cloud
  2. BCLOUD-21138

Support Workload Identity Federation for GCP Service Accounts

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      All current documentation showcases using GCP Service Account JSON Keys for deploying with Bitbucket Pipelines Deployment. But these are notoriously insecure and hard to maintain and keep rotated.

      GCP has several different solutions detailed here. I think the right solution is for Bitbucket to support Workload Identity Federation. Bitbucket supplies the ID Token, and we authenticate our Service Account(s) with it. Then there are no keys to manage/secure/rotate.

      Attachments

        Activity

          People

            Unassigned Unassigned
            5ce39b3ae978 Jared Markell
            Votes:
            15 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated: