We've always had to create service account keys for authentication of workloads against Google Batch/GLS.

This isn't ideal due to service account keys being highly sensitive credentials, and the difficulty in rotating keys and updating them in Seqera Platform / Tower.

I'd love to see Seqera Platform offer support for Google's Workload Federated ID, which will mean no longer having to create service account keys and upload them as credentials. I see you are rolling out something similar for Azure Entra (beta) in Seqera Platform?

This will allow us to continue to adhere to SecOps best practices, and ensure the risk of leaked keys is kept to a minimum.