Enable MTLS and Identity-bound token when using Google Api client libraries #1895

Closed
xmenxk opened this issue Mar 7, 2023 · 2 comments
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

Contributor

xmenxk commented Mar 7, 2023

Google client libraries use Application Default Credentials (ADC) to select credentials. When running in GCP, the default option is to get a bearer token from the metadata service and use it over a TLS connection to Google APIs.

We can improve security by integrating with S2A, where a workload can obtain an identity-bound token and use it to talk to Google APIs over an MTLS connection.

S2A is Google's Secure Session Agent, which is part of the cloud infrastructure.

@xmenxk xmenxk added priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. labels Mar 7, 2023
Member

codyoss commented Jul 22, 2024

@xmenxk is this considered done?

Contributor Author

xmenxk commented Jul 22, 2024

Yes, closing this. Thanks Cody.

@xmenxk xmenxk closed this as completed Jul 22, 2024