Workload Identity Federation (WIF)

Workload Identity allows your workloads to access Google Cloud without Service Account keys.

It's a new way to do authentication and authorization. Before, anyone with the server account credentials can access the resource, with WIF, only certified issuer like AWS and GitHub can get a short-lived access token.

https://console.cloud.google.com/iam-admin/workload-identity-pools

• YouTube: What is Workload Identity Federation?
• YouTube How to use Github Actions with Google's Workload Identity Federation