Do we need to keep the workload_identity_provider and service_account as secrets when setting up authentication via Workload Identity Federation from GitHub Actions?
2

Hector Martinez Rodriguez

Jerry
1 Answer
5
I recommend treating those values as secrets.
Both contain sensitive information. An attacker cannot do anything with just those pieces of information.
The workload_identity_provider contains the Project Number and Pool ID. Both are sensitive information but not secrets.
The service account email address is sensitive information but not a secret.

John Hanley
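
An added example, not part of the answer above and not code from Google or GitHub: a small Python check that flags either input when it is written literally in a workflow file instead of through a `${{ secrets.* }}` reference, and reports which identifiers the literal would disclose. The sample workflow, the secret name and every value in it are constructed, and `audit_workflow` is a hypothetical helper name.

```python
import re

# Full resource name format used for the workload_identity_provider input.
PROVIDER_RE = re.compile(
    r"projects/(?P<project_number>\d+)/locations/global/"
    r"workloadIdentityPools/(?P<pool_id>[^/\s]+)/providers/(?P<provider_id>[^/\s]+)"
)
# A `key: value` line for either of the two inputs discussed in the question.
INPUT_RE = re.compile(
    r"^\s*(?P<key>workload_identity_provider|service_account)\s*:\s*(?P<value>.+?)\s*$"
)
SECRET_REF_RE = re.compile(r"\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}")


def audit_workflow(text):
    """Return one finding per input that is not supplied via a secrets reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = INPUT_RE.match(line)
        if not m:
            continue
        value = m.group("value").strip("'\"")
        if SECRET_REF_RE.fullmatch(value):
            continue  # value comes from the repository's secret store
        finding = {"line": lineno, "input": m.group("key"), "disclosed": {}}
        p = PROVIDER_RE.fullmatch(value)
        if p:
            # Literal provider name: exposes project number, pool and provider IDs.
            finding["disclosed"] = p.groupdict()
        elif "@" in value:
            # Service account email: NAME@PROJECT_ID.iam.gserviceaccount.com
            name, _, domain = value.partition("@")
            finding["disclosed"] = {"account": name, "project_id": domain.split(".")[0]}
        findings.append(finding)
    return findings


# Constructed sample workflow fragment (all values are made up).
SAMPLE = """\
    steps:
      - uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: projects/123456789012/locations/global/workloadIdentityPools/ci-pool/providers/github
          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE):
        print(f)
```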