by agwa 136 days ago
Having the customer send me the key is less secure because that key never gets rotated. Google wants to discourage long-lived credentials so badly that new organizations can't even create service account keys by default anymore.

Having the customer grant permission to a single master service account is vulnerable to confused deputy attacks.

In any case, why should I have to pursue "other solutions" to something that's in their documentation?
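The confused deputy risk of a single "master" service account, as an added toy model (not code from the thread or from Google): every customer grants the same deputy identity access to their project, so the deputy's credential alone cannot tell which customer a request belongs to. Names such as `master@saas.example` and the per-customer identities are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical shared deputy identity every customer is asked to authorize.
MASTER_SA = "master@saas.example"


@dataclass
class Project:
    """A customer project with a set of identities allowed to read it."""
    owner: str
    allowed: set = field(default_factory=set)

    def can_read(self, identity: str) -> bool:
        return identity in self.allowed


class Deputy:
    """The SaaS backend acting on customers' behalf with its own credential."""

    def __init__(self, projects: dict, per_customer: bool):
        self.projects = projects
        self.per_customer = per_customer  # one identity per customer, or one shared

    def identity_for(self, customer: str) -> str:
        # Per-customer mode binds the credential to the requesting customer.
        return f"{customer}@saas.example" if self.per_customer else MASTER_SA

    def fetch(self, requesting_customer: str, target_project: str) -> bool:
        # The cloud side only sees the deputy's identity, not who asked.
        proj = self.projects[target_project]
        return proj.can_read(self.identity_for(requesting_customer))


def shared_master_scenario() -> bool:
    """Alice asks the deputy for Bob's project; with a shared SA it succeeds."""
    projects = {
        "alice-proj": Project("alice", {MASTER_SA}),
        "bob-proj": Project("bob", {MASTER_SA}),
    }
    return Deputy(projects, per_customer=False).fetch("alice", "bob-proj")


def per_customer_scenario() -> bool:
    """Same request when each customer granted only their own deputy identity."""
    projects = {
        "alice-proj": Project("alice", {"alice@saas.example"}),
        "bob-proj": Project("bob", {"bob@saas.example"}),
    }
    return Deputy(projects, per_customer=True).fetch("alice", "bob-proj")
```

With the shared identity the cross-tenant read is granted by the cloud's own policy check, so only application-level bookkeeping inside the deputy stands between customers; with a per-customer identity the policy check itself denies it.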