GCP Workload Identity Federation - Operational Overhead

Hi Team,

We have implemented WIF (Workload Identity Federation) in our application and chose Azure Active Directory (Entra ID) as the identity provider for OpenID Connect. Everything works well (thanks to Google), but we are facing challenges in rotating the key every 180 days. This time, we need to rotate the Azure client secret (registered as a third-party app) instead of rotating GCP service account keys.

My understanding was that GCP recommends the WIF solution for the following problems:

1. To have a strong security mechanism between consumer and provider while communicating with external services

2. Service keys need to be rotated every 60 days, which is more of an operational overhead

But we are not able to resolve the 2nd problem statement using GCP's WIF solution. I just wanted to check: is there any solution to avoid rotating keys in this situation?

Regards,

Sravan
