SPIFFE-GCP-PROXY | Unable to run spiffe proxy in on-prem server to connect GCP

Hi

we are using https://github.com/GoogleCloudPlatform/professional-services/tree/main/tools/spiffe-gcp-proxy 
to setup workload identity provider.
To attest on-prem workload and establish a connectivty to GCP to fetch tokens .

Unfortunately the steps are not clear w.r.t Spiffe-proxy installation and further steps on attesting workloads.

When I try to run the proxy binary with required parameters, it runs in background and I tried to fetch token using

$curl -v "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/workload-identity@dev-data-01.iam.gserviceaccount.com/token" -H "Metadata-Flavor: Google"

It returns
![image](https://github.com/user-attachments/assets/75f591ed-e37f-41c2-b5ec-92a3db0d1b03)

Query:
1.How we know following steps are executed without errors
![image](https://github.com/user-attachments/assets/610e7924-40fd-440b-8821-9d8a612965ee)

2.How to implement this entire setup in an automated way, like github action etc.,

Any help would be much appreciated!





Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SPIFFE-GCP-PROXY | Unable to run spiffe proxy in on-prem server to connect GCP #1350

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

SPIFFE-GCP-PROXY | Unable to run spiffe proxy in on-prem server to connect GCP #1350

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions