Background:
During April 2026, an incident required SA keys to be created as deployment workarounds:
#33222 — ftp-poller deployment issue; SA key sa-api created as workaround
#33223 — payment-jobs unable to publish to activity and account mailer queues; SA key sa-job created as workaround. Multiple PRs were required due to instability (2369 revert gcp config → 2376 revert of revert → 2371 permission check tester)
Goal:
Remove the temporary SA keys once the underlying GCP Workload Identity / IAM configuration is confirmed stable
AC:
Feature branch created for the cleanup
Regression run in dev confirming payment-jobs can publish to AUTH_EVENT_TOPIC and ACCOUNT_MAILER_TOPIC without SA keys
ftp-poller deployment confirmed working without SA key
PR 2355 merged after regression passes
Anish (Patel) notified once keys are safe to delete
Related:
#33222, #33223
PRs: #2355, #2369 #2371, #2376, #2385
Background:
During April 2026, an incident required SA keys to be created as deployment workarounds:
#33222 — ftp-poller deployment issue; SA key sa-api created as workaround
#33223 — payment-jobs unable to publish to activity and account mailer queues; SA key sa-job created as workaround. Multiple PRs were required due to instability (2369 revert gcp config → 2376 revert of revert → 2371 permission check tester)
Goal:
Remove the temporary SA keys once the underlying GCP Workload Identity / IAM configuration is confirmed stable
AC:
Feature branch created for the cleanup
Regression run in dev confirming payment-jobs can publish to AUTH_EVENT_TOPIC and ACCOUNT_MAILER_TOPIC without SA keys
ftp-poller deployment confirmed working without SA key
PR 2355 merged after regression passes
Anish (Patel) notified once keys are safe to delete
Related:
#33222, #33223
PRs: #2355, #2369 #2371, #2376, #2385