Hi all - I’m starting to set up the bones for a GCP-based project. We’ll be running our pipeline with a GitLab repository backend - pushing to a GCP project and letting the runners automate off the GCP bucket/project we’re pushing them to.
So far we have a GCP service account to use (albeit it may need permissions adjusted) and a cloud storage bucket set up to push a project into via Terraform/see if we can get a Terraform yml to push to it.
Obviously I don’t want to pull the actual hard JSON credentials of the GCP service account we’re using - which leaves me some questions for the actual validation.
I’m using the GCP CFT Project Factory module to create a project internal to our bucket - but what would be the best practices to tell GitLab to use the GCP service account without creating a hard JSON? Where should this authentication be stored (YML/other tf file)?
Thanks for any input/advice.