
We have a running application on an on-prem server. I would like to create an application which reads a BigQuery table from GCP.

I have been restricted to use Service account key, and that is not the best way of authenticating my application too, right?

So I googled and came to know about this "Google Workload Federation Identity".

But I am unaware that it asks for an issuer URL and provider attributes, which have to be filled in while creating.

unknown fields

Can anyone help me: what is this issuer (URL) and how do I get it?

So far I have created a workload Identity Pool.

arudsekaberne
  • Workload Identity Federation exchanges credentials from an identity provider for Google credentials. The URL is the endpoint for the identity provider (AWS, Azure, GitHub, etc.). – John Hanley Jun 08 '23 at 04:33
  • Hi @JohnHanley, I have seen that a few people have deployed their code in GitHub and used the GitHub issuer URL accordingly. But in my case the code is set up on the server itself. – arudsekaberne Jun 08 '23 at 05:14
  • Where is the server running? If you are using a Google Cloud Compute Engine VM, you do not need a service account JSON key file or Workload Identity Federation. Use the VM's credentials from the metadata server. Edit your post to clearly specify what you are trying to do. I recommend reviewing how authorization is performed in Google Cloud. Before posting questions here, read this [guide](https://stackoverflow.com/help/how-to-ask). – John Hanley Jun 08 '23 at 05:18
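Added example, not part of the original question or comments: for an OIDC provider in a workload identity pool, the issuer URL is the value the identity provider puts in the `iss` claim of the tokens it issues, so one way to find it is to inspect a token from that provider. The sketch assumes the on-prem identity provider issues OIDC ID tokens; the issuer `https://idp.example.internal`, the subject and the token itself are constructed sample values.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def inspect_oidc_token(token: str, configured_issuer: str) -> dict:
    """Read the claims of an OIDC ID token WITHOUT verifying the signature
    (inspection only) and compare them with the issuer set on the provider."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    iss = claims.get("iss", "")
    return {
        "iss": iss,
        # Compared as exact strings: a trailing slash or scheme difference fails.
        "issuer_matches": iss == configured_issuer,
        # OIDC discovery document location derived from the issuer.
        "discovery_url": iss.rstrip("/") + "/.well-known/openid-configuration",
        # Value an attribute mapping of google.subject=assertion.sub would use.
        "google_subject": claims.get("sub"),
    }


def make_sample_token() -> str:
    # Constructed sample token (assumption): hypothetical issuer and subject,
    # placeholder signature. Not a real credential.
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-key-1"}
    payload = {"iss": "https://idp.example.internal", "sub": "bq-reader-app"}
    segments = [json.dumps(header).encode(), json.dumps(payload).encode(),
                b"constructed-signature"]
    return ".".join(b64url_encode(s) for s in segments)


if __name__ == "__main__":
    report = inspect_oidc_token(make_sample_token(), "https://idp.example.internal")
    print(json.dumps(report, indent=2))
```
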
