kanisterio / kanister

An extensible framework for application-level data management on Kubernetes
https://kanister.io
Apache License 2.0
745 stars 153 forks

Authenticate Kanister using keyless authentication methods in Profiles #2704

Open GeekYiwen opened 6 months ago

GeekYiwen commented 6 months ago

Feature Request I would like to authenticate Kanister using Workload Identity (for GCP) and Open ID Connect (for AWS). This allows authentication without the management of service-account keys which improves the security of the system.

Description This would need to be implemented as an alternative authentication method for the Profile resource. Currently for GCP it is required to provide a service key. When using Workload Identity, a reference to a Google SA and a K8s SA that are linked should be enough to authenticate Kanister. This should work similarly in AWS.

Current situation I believe it is possible to use Workload Identity inside the ActionSet when using gcloud/gsutil commands in the Blueprint, as stated in this issue.

Misc Add this to the Documentation with some example.

Feel free to ask if you need any more information. Thanks in advance!
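For readers unfamiliar with the linking the request refers to, the following is an added illustration (not part of the issue and not Kanister's own configuration; the Profile resource has no keyless option as of this issue) of how a Kubernetes ServiceAccount is tied to a cloud identity so that pods obtain short-lived credentials instead of a mounted key. The project ID, account names, namespace and role ARN are placeholders; the annotation keys (`iam.gke.io/gcp-service-account` for GKE Workload Identity, `eks.amazonaws.com/role-arn` for EKS IAM Roles for Service Accounts) are the standard ones used by each platform.

```yaml
# GKE Workload Identity: the Kubernetes ServiceAccount is mapped to a Google SA.
# Besides this annotation, the Google SA must grant roles/iam.workloadIdentityUser
# to the member "serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]"
# (placeholders; set these to your own values).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kanister-backup            # placeholder K8s SA name
  namespace: kanister              # placeholder namespace
  annotations:
    iam.gke.io/gcp-service-account: kanister-backup@PROJECT_ID.iam.gserviceaccount.com
---
# EKS IAM Roles for Service Accounts (IRSA): the pod receives a projected OIDC
# token that STS exchanges for credentials of the annotated role. The role's
# trust policy must allow the cluster's OIDC provider for this namespace/SA.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kanister-backup            # placeholder K8s SA name
  namespace: kanister              # placeholder namespace
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/KanisterBackupRole
```

In both cases the pod running the backup action must be scheduled with the annotated ServiceAccount (`spec.serviceAccountName`), and the cloud-side role or SA should be scoped to only the bucket used by the Profile, so that no long-lived key has to be stored in a Kubernetes Secret and the blast radius of a compromised pod stays limited to that bucket.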

github-actions[bot] commented 6 months ago

Thanks for opening this issue :+1:. The team will review it shortly.

If this is a bug report, make sure to include clear instructions on how to reproduce the problem with minimal reproducible examples, where possible. If this is a security report, please review our security policy as outlined in SECURITY.md.

If you haven't already, please take a moment to review our project's Code of Conduct document.