Your application requires service accounts to be authenticated to GCP products via credentials stored on its host Compute Engine virtual machine instances. You want to distribute these credentials to the host instances as securely as possible. What should you do?
A) Use HTTP signed URLs to securely provide access to the required resources.
B) Use the instance's service account Application Default Credentials to authenticate to the required resources.
C) Generate a P12 file from the GCP Console after the instance is deployed, and copy the credentials to the host instance before starting the application.
D) Commit the credential JSON file into your application's source repository, and have your CI/CD process package it with the software that is deployed to the instance.

Question

Quizplus · Accepted Answer

Using the instance's service account Application Default Credentials is the most secure method as it leverages the built-in authentication mechanism provided by GCP, avoiding the need to manually handle and distribute sensitive credential files.

Your Application Requires Service Accounts to Be Authenticated to GCP