
Answer-first summary for fast verification
Answer: Configure workload identity federation to use GitHub as an identity pool provider.
The question asks for the most secure way to enable access to Google Cloud resources from GitHub Actions CI/CD pipelines.
Option D (Configure workload identity federation to use GitHub as an identity pool provider) is the correct answer because it enables keyless authentication, eliminating the need for long-lived service account keys, which are vulnerable to exposure and require manual rotation. This approach leverages short-lived tokens and federated identity, aligning with security best practices.
Options A and B involve creating service account keys, which are less secure due to the risk of key exposure and the operational burden of key management.
Option C (GKE Workload Identity) is not applicable here as it's specific to Kubernetes workloads running on GKE, not GitHub Actions pipelines.
The community discussion unanimously supports D with upvoted comments emphasizing its security advantages over service account keys.
Author: LeetQuiz Editorial Team
Your organization uses GitHub Actions as a CI/CD platform and needs to securely enable access to Google Cloud resources from the pipelines.
What should you do?
A. Create a service account key, and add it to the GitHub pipeline configuration file.
B. Create a service account key, and add it to the GitHub repository content.
C. Configure a Google Kubernetes Engine cluster that uses Workload Identity to supply credentials to GitHub.
D. Configure workload identity federation to use GitHub as an identity pool provider.