# Using dagger for GitHub Action on GCP with identity workflow federation

delicate path

I'm wondering if it's easy to push the OIDC Workflow Identity Federation to a dagger container to run code with GCP permissions without having to use secrets. GitHub Action integrates with GCP OIDC, but not sure if this would then allow a dagger process to access those credentials. Can anyone show me how to do it?

obtuse cedar

Does the GCP integration in GHA keep the credentials somewhere that you can reference using bash? i.e. storing them in a file or env var?

If so you can pass in that file or env var into your dagger function and it should just work.

night crown

the difference is that you use scoped short-lived OIDC tokens instead of static credentials in your pipeline