CircleCI recently began supporting OIDC, similarly to GitHub Actions and other CI providers (https://circleci.com/docs/2.0/openid-connect-tokens/). The current GCP orbs use service account keys, whereas the GCP GitHub Actions use OIDC as best practices indicate. I'm not comfortable recommending these orbs to the rest of my team until they use OIDC instead of requiring service account private key management. Thank you!
Jaryt
commented
1 year ago
CircleCI recently began supporting OIDC, similarly to GitHub Actions and other CI providers (https://circleci.com/docs/2.0/openid-connect-tokens/). The current GCP orbs use service account keys, whereas the GCP GitHub Actions use OIDC as best practices indicate. I'm not comfortable recommending these orbs to the rest of my team until they use OIDC instead of requiring service account private key management. Thank you!