Google Cloud Professional Cloud Security Engineer — Question 220
Your organization is using GitHub Actions as a continuous integration and delivery (CI/CD) platform. You must enable access to Google Cloud resources from the CI/CD pipelines in the most secure way.
What should you do?
Answer options
- A. Create a service account key, and add it to the GitHub pipeline configuration file.
- B. Create a service account key, and add it to the GitHub repository content.
- C. Configure a Google Kubernetes Engine cluster that uses Workload Identity to supply credentials to GitHub.
- D. Configure workload identity federation to use GitHub as an identity pool provider.
Correct answer: D
Explanation
The correct answer is D: with workload identity federation, the GitHub pipelines authenticate to Google Cloud without any service account keys to create or manage, which makes it the most secure option. Options A and B both depend on creating and managing service account keys, which can lead to security vulnerabilities if the keys are exposed. Option C does provide a method to supply credentials, but it does not use the more secure approach of workload identity federation.