2026-06-13
Keyless GCP Secrets in GitHub Actions: Workload Identity, Scoped to One Secret
Drop the service-account JSON key. Federate GitHub Actions into GCP with OIDC, then scope the service account to read one named secret — not the whole project.
9 min2026-02-22Google's GAIL Certification: Useful Strategy, Thin Engineering
Notes on Google's GAIL certification from a platform engineer: useful for strategy conversations, thin on the messy reality of shipping AI.
12 min2025-09-10GKE to AWS Identity Federation: A Guide to Keyless Access
Run workloads on GKE and access AWS without static keys. This guide shows how to federate a Kubernetes service account into an AWS IAM role.
7 min2021-03-01gRPC on Cloud Run
Cloud Run supports gRPC out of the box — once you understand how it handles TLS and HTTP/2. Here's the full picture, in Go.
3 min