Before a workload can access Google Cloud APIs, it needs to authenticate and obtain an access token. For a workload that runs on Google Cloud, we can attach a service account to the compute resource that runs the workload, and that lets the workload authenticate without any additional secrets or keys. But for IoT devices or on-premises workloads, it’s more difficult. One way to authenticate IoT devices and on-premises workloads is to let them use service account keys. However, service accou...
