Uploaded image for project: 'Debezium'
  1. Debezium
  2. DBZ-6885

Support for GKE workload identities

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Done
    • Major
    • 2.4.0.CR1
    • None
    • spanner-connector
    • None

    Description

      Which use case/requirement will be addressed by the proposed feature?

      We are building KafkaConnect on GKE and GKE has a mechanism to authenticate without issuing a ServiceAccount JSON key.
      https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
      Since issuing JSON keys is a security risk, we would like to support GKE workload identities with Spanner connectors.

      Implementation ideas (optional)

      https://cloud.google.com/docs/authentication

      If no JSON key is explicitly set, the Application Default Credentials mechanism can be used for proper authentication processing.

      Attachments

        Activity

          People

            Unassigned Unassigned
            laughingman7743 Tomoyuki Nakamura (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: