Add Service Account impersonation in GCP as a new authentication method #4006
Labels
feature-request
New feature request for Prowler.
provider/gcp
Issues/PRs related with the Google Cloud Platform provider
severity/low
Bug won't result in any noticeable breakdown of the execution.
status/needs-triage
Issue pending triage
New feature motivation
Add service account impersonation in GCP as a new authentication method in Prowler.
Solution Proposed
Adding the flag --impersonate-service-account <target service account email>
Describe alternatives you've considered
Instead of saving a credentials file or running Prowler inside a GCP workload (for the metadata server option), add the mentioned authentication method.
This is actually a security best practice, so it should be high priority, because now the credentials.json approach has private keys on the machines, which is not a good idea.
Additional context
Thanks to Ben Lahav via Slack for the idea!
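Added example, not part of the issue and not Prowler code: a stdlib-only check that reports which long-lived secret a GCP credential JSON keeps on disk, contrasting an exported credentials.json key file with an impersonation credential file. The field names follow the credential file formats written by gcloud; the function name, account name and secret values are constructed for illustration.

```python
import json
import re

# Target account as it appears in the generateAccessToken URL of an impersonation file.
_TARGET = re.compile(r"/serviceAccounts/([^/:]+):generateAccessToken$")

def classify_gcp_credential(raw):
    """Report which long-lived secret, if any, a GCP credential JSON keeps on disk."""
    out = {"type": "invalid", "long_lived_secret": None, "target": None}
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        return out
    if not isinstance(doc, dict):
        return out
    out["type"] = doc.get("type", "unknown")
    if out["type"] == "service_account":
        # Exported key file: the account's private key itself sits on the machine.
        out["target"] = doc.get("client_email")
        if doc.get("private_key"):
            out["long_lived_secret"] = "service_account_private_key"
    elif out["type"] == "authorized_user":
        if doc.get("refresh_token"):
            out["long_lived_secret"] = "user_refresh_token"
    elif out["type"] == "impersonated_service_account":
        # No key for the target account is stored; what remains on disk is
        # whatever the source credentials hold.
        m = _TARGET.search(str(doc.get("service_account_impersonation_url") or ""))
        out["target"] = m.group(1) if m else None
        src = classify_gcp_credential(json.dumps(doc.get("source_credentials")))
        out["long_lived_secret"] = src["long_lived_secret"]
    return out

# Constructed samples (placeholder values, not real credentials).
SA = "prowler-audit@example-project.iam.gserviceaccount.com"
KEY_FILE = json.dumps({"type": "service_account", "client_email": SA,
                       "private_key": "<constructed placeholder>"})
IMPERSONATION_FILE = json.dumps({
    "type": "impersonated_service_account",
    "service_account_impersonation_url":
        "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
        + SA + ":generateAccessToken",
    "source_credentials": {"type": "authorized_user",
                           "refresh_token": "<constructed placeholder>"},
})

if __name__ == "__main__":
    for name, raw in (("key file", KEY_FILE), ("impersonation", IMPERSONATION_FILE)):
        print(name, classify_gcp_credential(raw))
```

In the impersonation case the reported secret belongs to the source identity, so revoking that identity's access to the target account cuts it off without rotating any service account key.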