avaly / gcp-secret-manager-buildkite-plugin

A Buildkite plugin to read secrets from GCP Secret Manager into environment variables
MIT License

Add ability to use GKE workload identity #1

Open bluemalkin opened 3 years ago

bluemalkin commented 3 years ago

Instead of setting and passing a credentials_file, it would be great to not require it so that we can use GKE workload identity (https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity).

For example, I run Buildkite in Google Kubernetes Engine using Workload Identity, which maps the permissions of the k8s service account to the GCP service account.

bluemalkin commented 2 years ago

@avaly any luck with this?

avaly commented 2 years ago

@bluemalkin I haven't had time to look into this. If you have such a working setup already, I suggest trying to open a PR for it.

nate-thirdwave commented 1 year ago

@bluemalkin You might want to check out v1.1.1 or later and see if it does what you're needing now.