
Explanation:
The question asks for the most secure way to enable access to Google Cloud resources from GitHub Actions CI/CD pipelines. Option D (Configure workload identity federation to use GitHub as an identity pool provider) is the correct answer because it enables keyless authentication, eliminating the need for long-lived service account keys, which are vulnerable to exposure and require manual rotation. This approach leverages short-lived tokens and federated identity, aligning with security best practices. Options A and B involve creating service account keys, which are less secure due to the risk of key exposure and the operational burden of key management. Option C (GKE Workload Identity) is not applicable here as it's specific to Kubernetes workloads running on GKE, not GitHub Actions pipelines. The community discussion unanimously supports D with upvoted comments emphasizing its security advantages over service account keys.
Your organization uses GitHub Actions as a CI/CD platform and needs to securely enable access to Google Cloud resources from the pipelines.
What should you do?
A. Create a service account key, and add it to the GitHub pipeline configuration file.
B. Create a service account key, and add it to the GitHub repository content.
C. Configure a Google Kubernetes Engine cluster that uses Workload Identity to supply credentials to GitHub.
D. Configure workload identity federation to use GitHub as an identity pool provider.