Why should I use WIF instead of JSON service account keys?

Workload Identity Federation (WIF) eliminates the need for long-lived secrets, reducing the risk of credential leaks by using short-lived OIDC tokens for authentication.

Does this skill help with Vertex AI deployments?

Yes, it includes specific templates and validation checks for deploying, monitoring, and health-checking Vertex AI agents via GitHub Actions.

What permissions does the validator look for in my YAML files?

It specifically checks for 'id-token: write' permissions, which are mandatory for OIDC-based authentication between GitHub and Google Cloud.

Can it detect existing security flaws in my repository?

Yes, the skill can scan your .github/workflows/ directory for hardcoded secrets, insecure IAM roles, and the presence of JSON credential files.

GitHub Actions GCP Validator

Name: GitHub Actions GCP Validator
Author: BbgnsurfTech

byBbgnsurfTech

•

배포 및 DevOps

Validates and secures GitHub Actions workflows for Google Cloud and Vertex AI deployments using Workload Identity Federation.

소개

This skill streamlines the creation and auditing of CI/CD pipelines between GitHub and Google Cloud Platform (GCP). It enforces modern security best practices by migrating workflows away from insecure JSON service account keys toward Workload Identity Federation (WIF) and OIDC-based authentication. The validator automatically scans workflow files for vulnerabilities, ensures least-privilege IAM configurations, and provides ready-to-use templates for deploying Vertex AI agents, helping developers build robust, compliant, and automated deployment pipelines.

주요 기능

3 GitHub stars
Validates OIDC permissions and id-token: write settings in workflow files
Generates secure deployment templates for Vertex AI and Google Cloud services
Enforces Workload Identity Federation (WIF) to eliminate static service account keys
Automates security scans for secrets and vulnerabilities using TruffleHog and Trivy
Verifies least-privilege IAM roles to prevent unauthorized GCP access

사용 사례

Setting up a secure OIDC-based connection between GitHub and Google Cloud Platform
Auditing existing GitHub Actions for security vulnerabilities and hardcoded secrets
Automating the deployment of Vertex AI models and agents with built-in health checks

소개

주요 기능

3 GitHub stars
Validates OIDC permissions and id-token: write settings in workflow files
Generates secure deployment templates for Vertex AI and Google Cloud services
Enforces Workload Identity Federation (WIF) to eliminate static service account keys
Automates security scans for secrets and vulnerabilities using TruffleHog and Trivy
Verifies least-privilege IAM roles to prevent unauthorized GCP access

사용 사례

Setting up a secure OIDC-based connection between GitHub and Google Cloud Platform
Auditing existing GitHub Actions for security vulnerabilities and hardcoded secrets
Automating the deployment of Vertex AI models and agents with built-in health checks