Yes, of course. Service account use is a good practice.

Granting a primitive role (editor, owner, or viewer) isn’t, because the granted permissions are too broad.

In addition, generating a service account key file is a security problem: it's only a file that you can copy, send by email, push to a git repository (…), and you can easily lose control of it.
You also need to keep this file secret and, as a best practice, you need to rotate this secret key at least every 90 days.


Written by guillaume blaquiere

GDE cloud platform, Group Data Architect @Carrefour, speaker, writer and polyglot developer, Google Cloud platform 3x certified, serverless addict and Go fan.

Responses (1)


In that regard, I totally understand the security concerns related to the JSON key, and for that I am using a .gitignore file to avoid committing my key to GitHub.
The editor role is necessary because Terraform needs to manage the full infrastructure.
Besides, it…
