[BCLOUD-21138] Support Workload Identity Federation for GCP Service Accounts

Type: Suggestion
Resolution: Unresolved
Component/s: Pipelines - Deployments
Labels:
None

Support reference count:
2
Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

All current documentation showcases using GCP Service Account JSON Keys for deploying with Bitbucket Pipelines Deployment. But these are notoriously insecure and hard to maintain and keep rotated.

GCP has several different solutions detailed here. I think the right solution is for Bitbucket to support Workload Identity Federation. Bitbucket supplies the ID Token, and we authenticate our Service Account(s) with it. Then there are no keys to manage/secure/rotate.

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Jared Markell

Votes:: 18 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 16/Jun/2021 9:29 PM

Updated:: Yesterday 4:02 AM

Details

Description

Attachments

Forms

Activity

People

Dates