Enable mTLS and identity-bound token when using Google API client libraries #1895
Labels
priority: p3
Desirable enhancement or fix. May not be included in next release.
type: feature request
‘Nice-to-have’ improvement, new feature or different behavior or design.
Google client libraries use Application Default Credentials (ADC) to select credentials. When running in GCP, the default option is getting a bearer token from the metadata service and using it over a TLS connection to Google APIs.
We can improve security by integrating with S2A, where a workload can obtain an identity-bound token and use it to talk to Google APIs over an mTLS connection.
S2A is Google's Secure Session Agent, which is part of the cloud infrastructure.