-
|
What's the canonical way for providing credentials for a Google provider? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
The canonical way to provide credentials for the Google provider in Terraform (and Atlantis) is to set the For improved security, especially in cloud or CI/CD environments, Google recommends using Workload Identity Federation (WIF) instead of static service account keys. WIF can be enabled by manipulating the credentials file to inject a If you can run Terraform commands manually with your credentials on the Atlantis host, Atlantis will work the same way. To reply, just mention @dosu. How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other |
Beta Was this translation helpful? Give feedback.
-
|
it seems there's native support for aws credentials being written to a file that's mounted into the pod when installing with helm. is there similar native support for a google application credentials file? @dosu |
Beta Was this translation helpful? Give feedback.
The canonical way to provide credentials for the Google provider in Terraform (and Atlantis) is to set the
GOOGLE_APPLICATION_CREDENTIALSenvironment variable to point to a Google service account JSON file on the server or container where Atlantis runs. This works the same way as running Terraform locally—if the credentials are available in the runtime environment, Atlantis will use them for Google provider authentication. You can also use GCE instance service accounts if running Atlantis on Google Cloud, which lets the provider auto-discover credentials without a key file. See the Atlantis provider credentials documentation for details.For improved security, especially in cloud or CI/C…