🔥 3-day streak
Professional Cloud Security Engineer76 / 152
Question 76 of 152

Your company runs its CI/CD pipeline on an external SaaS platform (GitHub Actions) that is outside Google Cloud. The pipeline needs to deploy artifacts to a Cloud Storage bucket and update a Cloud Run service in your Google Cloud project. Your security team has a strict policy prohibiting the creation and download of long-lived service account keys. What is the most secure approach to grant the external pipeline access to these Google Cloud resources?

Reviewed for accuracy · Report an issueNext question