[ithkuil]

The auth between your app and the proxy can be scoped more easily.

For example if the proxy runs in localhost you can trust the localhost workload.

Or you can use some other kind of workload identity proof (like cloud based metadata servers). If you leak such a key no other VM can use it, because it's scoped to your VM

[arianvanp]

That's not true. Both AWS' as well as GCP's workload identity tokens are not bound to the VM. If you leak the credentials they're valid until they expire. on AWS the expiry is 6 hours (non-configurable). Even if your IAM role has a shorter expiration, the credentials assumed by the VM will always be valid for 6 hours.

[ithkuil]

That entirely depends on the location of the proxy and the extra conditions you can express. E.g. you could bind it to a source IP and have the proxy check that, or use some overlay network (like tailscale does)

My point was that you don't literally have to run the proxy on localhost in order to scope the request.