🔥 3-day streak
Professional Cloud DevOps Engineer165 / 165
Question 165 of 165

Your company runs its CI/CD pipelines on an external SaaS platform (GitHub Actions) hosted outside Google Cloud. The pipelines must deploy resources into several Google Cloud projects. Your security team has issued a mandate: no long-lived service account keys may be created, stored, or distributed anywhere. You need the external pipeline to authenticate to Google Cloud and act as a service account that has deploy permissions. What should you configure?

Reviewed for accuracy · Report an issue