Workload identity federation on Fly

I’d like my app to access a Google Cloud Storage bucket, and using service account keys seems to be very not-recommended. An alternative offered by the major cloud vendors seems to be Workload Identity Federation, but I can’t find any directions re: Fly and whether the platform supports this. Could someone point me in the right direction?

Fly doesn’t support anything like this internally. I think for now you’d have to use service account keys. These are not terrible as you can set permissions on them.

Thanks for the reply, @joshua. I’ll go the service account key route and keep an eye out for when y’all add something like workload identity federation.

Just so you know, one reason service account keys are discouraged is because most people don’t have good secret management. fly secrets is actually pretty good for this.