Skip to content

Support for WID Principals ? #2527

New issue
New issue
Open
Open
Support for WID Principals ?#2527
Assignees
hessjcg
Labels
type: questionRequest for information or clarification.
@dirsigler

Description

@dirsigler
dirsigler
opened on Dec 23, 2025

Question

As documented in the official documentation, Workload Identity identities like serviceAccount:PROJECT_ID.svc.id.goog[NAMESPACE/KUBERNETES_SERVICE_ACCOUNT] are considered legacy.

It is recommend to use Principals or PrincipalSets. Is there any way the CloudSQL Proxy can support IAM authentication based on IAM Principals ?

In best case I would prefer to deploy my service applications with IAM Principals and stripping away all the individual GSAs of applications. Then have the App Principals act as one central IAM GSA to authenticate based on impersonation.

Code



Additional Details


No response
Metadata
Metadata
Assignees
Labels
type: questionRequest for information or clarification.
Type
No type
Projects
No projects
Milestone
No milestone
Relationships
None yet
Development
No branches or pull requests
Issue actions