GCP Workload Identity support for CSFLE

Hi, there are issues on the JIRA tracker that have been closed relating to supporting GCP Workload Identity with Mongo CSFLE; however, I don’t see much in the docs that shows how that works.

Was that implemented and released in the Go driver? (Which version?)

If so, can someone help me confirm how to configure the KMS providers in the Go SDK to use Workload Identity?

Hi Lance_Blais! We plan to release GCP Workload Identity support in Go Driver 1.17.0, but only for client authentication. We do not currently have any planned work to add Workload Identity support to KMS providers.

Hi @Steve_Silvester, thanks for the reply. Do you have any documentation for what you will support?

Will I be able to use the Go SDK without exporting a service account key?

If it helps, I’m trying to connect from a GKE federated service account.

Hi @Lance_Blais, the documentation is in progress. We have an open PR that documents GKE support using only the Go Driver (no SDK), but you could use the SDK instead of reading the file location manually as done in this example. In either case, no service account key needs to be provided to the driver or SDK.