Practicing The Principle Of Least Privilege With Cloud Build And Artifact Registry
People often use Cloud Build and Artifact Registry in tandem to build and store software artifacts: container images, to be sure, but also OS packages and language-specific packages. Consider the overlap, as in a Venn diagram, between these users and users who treat the Google Cloud project as a shared, multi-tenant environment. Because a project is a logical encapsulation for services like Cloud Build and Artifact Registry, administrators of these services want to apply the principle of least privilege in most cases. Of the numerous benefits from practicing this, reducing the blast radius of misconfigurations or malicious users is…