Hi, we are using Bitbucket Pipelines for our CI/CD engine, and it works
great with Google App Engine. However, there appears to be one significant
security flaw with GCP.
We need to permission a service account to deploy our application and the
only permission that appears to work is Project Owner. The keys are
secured, but if, somehow, someone were to gain access to this service
account, they could delete our entire project, which also includes our
database and a few other mission critical resources.
It would be much safer if we could deploy our application with granular
permissions like GAE Deployer and GCS Admin, which we have tried to use
unsuccessfully. We also tried to create a custom App Engine role, which
granted all permissions, but the permissions still failed us. Does anyone
have any suggestions?
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.