Workload Identity Federation (WIF)
Workload Identity allows your workloads to access Google Cloud without Service Account keys.
It's a new way to do authentication and authorization. Before, anyone with the server account credentials can access the resource, with WIF, only certified issuer like AWS and GitHub can get a short-lived access token.
https://console.cloud.google.com/iam-admin/workload-identity-pools