> Workload Identity allows your workloads to access Google Cloud without Service Account keys. It's a new way to do authentication and authorization. Before, anyone with the server account credentials can access the resource, with WIF, only certified issuer like AWS and GitHub can get a short-lived access token. https://console.cloud.google.com/iam-admin/workload-identity-pools - [YouTube: What is Workload Identity Federation?](https://youtu.be/4vajaXzHN08) - [YouTube How to use Github Actions with Google's Workload Identity Federation](https://youtu.be/ZgVhU5qvK1M)