Use workload identity federation instead of credentials file for GCP

The current protocol requires providing a key for a service account so that LiveKit can generate a JWT token for Google Cloud Storage. But Google [recommends](https://cloud.google.com/iam/docs/migrate-from-service-account-keys) against using service account keys for security reasons. Instead they recommend using workload identity federation. Could LiveKit support the recommended workload identity federation for authentication with GCP?

Relevant part of LiveKit: https://github.com/livekit/storage/blob/0dabf9984ad722a495a6255aed38286c34edec17/gcp.go#L48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use workload identity federation instead of credentials file for GCP #10

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Use workload identity federation instead of credentials file for GCP #10

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions