SQL sample README suggests using JSON keys against best practices #3634
Labels
priority: p2
Moderately-important priority. Fix may not be included in next release.
samples
Issues that are directly related to samples.
triage me
I really want to be triaged.
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
The README for Cloud SQL MySQL samples includes instructions to download a JSON key:
4. Create a service account following these instructions, and then grant the roles/cloudsql.client role following these instructions.
Download a JSON key to use to authenticate your connection.
The console page for downloading JSON keys includes the warning:
Service account keys could pose a security risk if compromised. We recommend you avoid downloading service account keys and instead use the Workload Identity Federation . You can learn more about the best way to authenticate service accounts on Google Cloud here.
This conflicting messaging could cause friction for new users to Google Cloud.
Recommendation:
Update the Cloud SQL sample README to replace the use of JSON keys with an alternative such as Workload Identity Federation or service account impersonation.
The text was updated successfully, but these errors were encountered: