Reputation: 33
On this page, it is explained how to set up workload identity federation and how to use it with the (Python) client libraries.
This is done by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable. However, this does not work for the gcloud SDK itself, as this uses other methods for configuring credentials.
Normally, using a service account key, one would run gcloud auth activate-service-account [ACCOUNT] --key-file=KEY_FILE, but this does not work for workload identity federation credentials.
How can you set up gcloud to use workload identity federation from an OIDC identity provider?
Upvotes: 1
Views: 1113
Reputation: 33
Starting from gcloud SDK version 363.0.0, this can now be done using the --cred-file flag:
gcloud auth login --cred-file=/path/to/workload/identity/config/file
(You might need to add a --brief flag as well.)
Note: earlier versions might work as well, as it was already present but undocumented before 363.0.0.
Source: https://cloud.google.com/sdk/docs/release-notes#36300_2021-11-02
Upvotes: 2
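An added example, not part of the answer above and not Google's own code: a pre-flight check of the workload identity federation config file before it is handed to gcloud auth login --cred-file, since that file decides where the OIDC token is read from and which endpoints receive it. It assumes the external_account JSON layout written by gcloud iam workload-identity-pools create-cred-config and the default googleapis.com endpoints; the function name, the allowed token directory, the file-only policy and all sample values are hypothetical.

```python
import json
import posixpath
from urllib.parse import urlparse

# Constructed sample of a federation config; every identifier is a placeholder.
SAMPLE_CONFIG = json.loads("""{
  "type": "external_account",
  "audience": "//iam.googleapis.com/projects/123456789012/locations/global/workloadIdentityPools/example-pool/providers/example-oidc",
  "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
  "token_url": "https://sts.googleapis.com/v1/token",
  "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/deployer@example-project.iam.gserviceaccount.com:generateAccessToken",
  "credential_source": {"file": "/var/run/secrets/oidc/token"}
}""")

# Assumption: default googleapis.com endpoints (no custom universe domain).
EXPECTED_HOSTS = {
    "token_url": "sts.googleapis.com",
    "service_account_impersonation_url": "iamcredentials.googleapis.com",
}

def check_cred_file(cfg, allowed_token_dirs=("/var/run/secrets/",)):
    """Return a list of problems; an empty list means the config passed."""
    problems = []
    if cfg.get("type") != "external_account":
        problems.append("type is not external_account")
    if not str(cfg.get("audience", "")).startswith("//iam.googleapis.com/"):
        problems.append("audience is not an IAM pool provider resource")
    for field, host in EXPECTED_HOSTS.items():
        value = cfg.get(field)
        if value is None:
            if field == "token_url":
                problems.append("token_url is missing")
            continue  # the impersonation URL is optional
        url = urlparse(value)
        if url.scheme != "https" or url.hostname != host:
            problems.append(f"{field} does not point at https://{host}")
    source = cfg.get("credential_source") or {}
    if not source:
        problems.append("credential_source is missing")
    if set(source) - {"file", "format"}:  # policy assumption: token files only
        problems.append("credential_source is not a plain token file; review manually")
    if "file" in source:
        path = posixpath.normpath(str(source["file"]))
        if not any(path.startswith(d) for d in allowed_token_dirs):
            problems.append("credential_source.file is outside the allowed directories")
    return problems

if __name__ == "__main__":
    print(check_cred_file(SAMPLE_CONFIG) or "config looks sane")
```

Run it against the file in a CI step and only call gcloud auth login --cred-file when the returned list is empty.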