Reputation: 53
Why service account based authentication is preferred over user accounts
I have seen many places in GCP documentation that service account based authentication is recommended over user account based. I couldn't find what is the actual reason behind it
Upvotes: 1
Views: 129
Answers (1)
Reputation: 81336
Imagine that you have a service A running on compute A. You want service A to communicate with another service B running on compute B AND you want to use some form of protection (authorization) to only allow A and B to communicate and return errors for everything else.
If you use User Authentication, a person must be involved to authorize communication. Not practical for programs running on computers in the cloud.
Google implemented service accounts to provide authorization of machine to machine communication. The secrets are stored in a file. These secrets create a Token that is passed between services.
Upvotes: 2
Related Questions
- GCP default service accounts best security practices
- What are the differences between GCP service accounts and user accounts?
- GCP Authentication OAuth vs Service Accounts
- What is the point of "Service Account User" role if it's not for impersonation?
- What is significant difference in GCP default service account & custom service account?
- Difference between Google managed service account and default service account in GCP
- What is the difference between service account and service agent in GCP
- Alternative to Google service accounts
- Service accounts permissions
- Google Cloud Service Account VS. End User Account