SQL sample README suggests using JSON keys against best practices #3634

Closed
rogerthatdev opened this issue Mar 7, 2024 · 3 comments · Fixed by #3655
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. samples Issues that are directly related to samples. triage me I really want to be triaged. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@rogerthatdev
Contributor

The README for Cloud SQL MySQL samples includes instructions to download a JSON key:


4. Create a service account following these instructions, and then grant the roles/cloudsql.client role following these instructions.

Download a JSON key to use to authenticate your connection.


The console page for downloading JSON keys includes the warning:


Service account keys could pose a security risk if compromised. We recommend you avoid downloading service account keys and instead use the Workload Identity Federation. You can learn more about the best way to authenticate service accounts on Google Cloud here.


This conflicting messaging could cause friction for new users to Google Cloud.

Recommendation:

Update the Cloud SQL sample README to replace the use of JSON keys with an alternative such as Workload Identity Federation or service account impersonation.

@rogerthatdev rogerthatdev added priority: p2 Moderately-important priority. Fix may not be included in next release. triage me I really want to be triaged. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Mar 7, 2024
@product-auto-label product-auto-label bot added the samples Issues that are directly related to samples. label Mar 7, 2024
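
As an added illustration (not part of the issue thread or of the project's code): a Python check that finds downloaded service account JSON keys left in a working tree and flags a `GOOGLE_APPLICATION_CREDENTIALS` variable that points at one. The function names and category labels are hypothetical; the `type` values are the ones Google credential JSON files carry.

```python
import json
import os
from pathlib import Path

# "type" of a downloaded service account key (embeds a long-lived private key).
SA_KEY_TYPE = "service_account"
# Credential file types that do not embed a service account private key.
OTHER_TYPES = {"authorized_user", "external_account", "impersonated_service_account"}


def classify(path):
    """Return 'sa-key', 'adc-other', or None when the file is not a credential."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError):  # unreadable, not UTF-8, or not JSON
        return None
    if not isinstance(data, dict):
        return None
    ctype = data.get("type")
    if ctype == SA_KEY_TYPE and "private_key" in data:
        return "sa-key"
    if ctype in OTHER_TYPES:
        return "adc-other"
    return None


def find_sa_keys(root):
    """Walk root (skipping .git) and return sorted paths of key files."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.endswith(".json") and classify(full) == "sa-key":
                hits.append(full)
    return sorted(hits)


def audit(root, env=os.environ):
    """List key files under root and note if ADC is pinned to a key file."""
    findings = [f"service account key on disk: {p}" for p in find_sa_keys(root)]
    adc = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if adc and classify(adc) == "sa-key":
        findings.append(f"GOOGLE_APPLICATION_CREDENTIALS points at a key file: {adc}")
    return findings


if __name__ == "__main__":
    for line in audit("."):
        print(line)
```

An empty result means no key file was found under the scanned directory; it says nothing about keys stored elsewhere or already committed to history.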
@iennae
Contributor

iennae commented Apr 12, 2024

@mrfaizal do you have any insight on who might be able to assess and triage this? Thanks

@iennae
Contributor

iennae commented Apr 15, 2024

@enocom another one for you if you have bandwidth

@enocom
Member

enocom commented Apr 15, 2024

cc @jackwotherspoon who's going to significantly clean up all these samples.

I can grab this one as well. The README really shouldn't exist and instead just reference the public docs (where this information should live as a single source of truth). For now, I'll just clean up these items.

enocom added a commit that referenced this issue Apr 15, 2024
Also, remove all reference to service account keys in favor of
Application Default Credentials.

Fixes #3634
Fixes #3635