The current protocol requires providing a key for a service account so that LiveKit can generate a JWT token for Google Cloud Storage. But Google recommends against using service account keys for security reasons. Instead they recommend using workload identity federation. Could LiveKit support the recommended workload identity federation for authentication with GCP?
Relevant part of LiveKit:
|
jwtConfig, err := google.JWTConfigFromJSON([]byte(conf.CredentialsJSON), storageScope) |
The current protocol requires providing a key for a service account so that LiveKit can generate a JWT token for Google Cloud Storage. But Google recommends against using service account keys for security reasons. Instead they recommend using workload identity federation. Could LiveKit support the recommended workload identity federation for authentication with GCP?
Relevant part of LiveKit:
storage/gcp.go
Line 48 in 0dabf99