Using workload identity federation, we can let Azure-hosted applications authenticate to Google Cloud with their managed identity, so no service account keys are required. More specifically, we can configure the Google Cloud client libraries so that they don’t look for a service account key, but instead obtain an Azure access token and exchange it for a Google Cloud access token. Setting up workload identity federation with Azure typically involves 4 steps: Creating an app registration in Ent...
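
The client libraries are pointed at the Azure token source through a credential configuration file rather than a key file. As an added example (not code from the original page), the Python check below audits such a file before deployment: it confirms the file is keyless, exchanges tokens at Google's STS endpoint, and fetches the Azure token from the instance metadata service. The field layout is assumed to be the `external_account` format the client libraries read; `audit_credential_config` is a hypothetical helper and the sample values are constructed placeholders.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the shape of an Azure credential configuration file.
# Project number, pool, provider and application ID URI are placeholders.
SAMPLE_CONFIG = json.dumps({
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global"
                "/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://sts.googleapis.com/v1/token",
    "credential_source": {
        "url": "http://169.254.169.254/metadata/identity/oauth2/token"
               "?api-version=2018-02-01&resource=APP_ID_URI",
        "headers": {"Metadata": "True"},
        "format": {"type": "json", "subject_token_field_name": "access_token"},
    },
})

def audit_credential_config(text):
    """Return findings; an empty list means a keyless Azure federation config."""
    cfg = json.loads(text)
    findings = []
    if cfg.get("type") != "external_account":
        findings.append(f"type is {cfg.get('type')!r}, not 'external_account'")
    if "private_key" in cfg:
        findings.append("file embeds a private key (service account key)")
    # The token exchange must go to Google's Security Token Service over HTTPS.
    token = urlsplit(cfg.get("token_url", ""))
    if (token.scheme, token.hostname) != ("https", "sts.googleapis.com"):
        findings.append("token_url is not the Google STS endpoint")
    if not cfg.get("audience", "").startswith("//iam.googleapis.com/projects/"):
        findings.append("audience is not a workload identity pool provider")
    # The subject token must come from the Azure instance metadata service.
    src = cfg.get("credential_source", {})
    url = urlsplit(src.get("url", ""))
    if url.hostname != "169.254.169.254" or url.path != "/metadata/identity/oauth2/token":
        findings.append("credential_source.url is not the Azure IMDS token endpoint")
    if "resource" not in parse_qs(url.query):
        findings.append("IMDS request does not name a resource (application ID URI)")
    headers = {k.lower(): v.lower() for k, v in src.get("headers", {}).items()}
    if headers.get("metadata") != "true":
        findings.append("IMDS request lacks the 'Metadata: true' header")
    return findings

if __name__ == "__main__":
    print(audit_credential_config(SAMPLE_CONFIG) or "keyless Azure federation config")
```

An empty result means the file carries no secret of its own; any finding is worth resolving before the file is handed to a client library, since the URLs in it decide where the Azure token is sent.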