Skip to content
/ example-gcp-wif Public template

A working example of GCP Workload Identity Federation for GitHub Actions

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ekralc/example-gcp-wif

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.github/workflows
.github/workflows
 
 
terraform
terraform
 
 
README.md
README.md
 
 

Repository files navigation

GCP Keyless Auth from GitHub Actions

This is an example of using Workload Identity Federation on GCP to authenticate a GitHub Actions Workflow.

Authenticating workflows should be an identity problem, not a secrets problem. So this shows how to achieve it with zero long-lived JSON keys!

Read more: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions

Usage

An example root Terraform module is in terraform/, this contains all the blocks required to authenticate workflows to a GCP project.

To run the main.yml workflow in your own repository, you'll need to set up the PROVIDER_NAME and SA_EMAIL secrets on GitHub. You can find their values in the Terraform outputs.

The example workflow proves the authentication works by listing the contents of a storage bucket.

About

A working example of GCP Workload Identity Federation for GitHub Actions

Topics

google-cloud google-cloud-platform workload-identity-federation

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages