You are deploying cloud infrastructure using a CI/CD system hosted on a Compute Engine instance. How can you minimize the risk of the CI/CD system's credentials being stolen?

Exam-Like

Create a dedicated Cloud Identity user account for the cluster. Use a strong self-hosted vault solution to store the user's temporary credentials.

Create a dedicated Cloud Identity user account for the cluster. Enable the constraints/iam.disableServiceAccountCreation organization policy at the project level.

Create a custom service account for the cluster. Enable the constraints/iam.disableServiceAccountKeyCreation organization policy at the project level

Create a custom service account for the cluster. Enable the constraints/iam.allowServiceAccountCredentialLifetimeExtension organization policy at the project level.

Google Professional Cloud Security Engineer

Get started today

Comments

You are deploying cloud infrastructure using a CI/CD system hosted on a Compute Engine instance. How can you minimize the risk of the CI/CD system's credentials being stolen?