🔥 3-day streak
Professional Cloud Architect169 / 169
Question 169 of 169
A retail company runs its CI/CD pipeline on an external SaaS platform (GitHub Actions) hosted outside Google Cloud. The pipeline must deploy artifacts to Cloud Storage and update Cloud Run services in a production project. The security team has issued a policy forbidding the creation or download of long-lived service account keys, citing the risk of leaked credentials in the external system. Which approach lets the external pipeline authenticate to Google Cloud while complying with this policy?
Reviewed for accuracy · Report an issue