Add GCP Workload Identity Federation onboarding by mintlify[bot] · Pull Request #250 · porter-dev/docs

mintlify · 2026-05-13T15:11:05Z

Summary

Documents the new keyless GCP onboarding flow that ships alongside the existing service-account JSON key method.

Customers can now connect a GCP project to Porter without generating or storing a static JSON key. The new flow:

Customer enters their GCP project ID in Porter and receives a Google Cloud Shell deeplink plus a one-line setup command.
Cloud Shell clones a public Porter repo and runs a Terraform module that provisions a Workload Identity Pool, AWS-backed Provider, and porter-manager service account in the customer's project.
The bootstrap script calls back to Porter with the resulting project number, service account email, and provider name to finalize the integration.
Porter then impersonates the service account using short-lived federated credentials, with an attribute condition pinning impersonation to the customer's tenant external ID.

Restructured the GCP tab on cloud-accounts/connecting-a-cloud-account to present three options: Workload Identity Federation (recommended), automated JSON key script, and manual JSON key setup.
Added a step-by-step walkthrough of the Cloud Shell flow, an explanation of how federation works, guidance for re-running onboarding if the Cloud Shell session expires, and revocation instructions specific to the WIF resources.

porter-dev/code#5434 — feat: adds a bootstrap endpoint to finalize gcp wif <> porter integration

Generated-By: mintlify-agent

mintlify · 2026-05-13T15:11:16Z

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
porter	🟢 Ready	View Preview	May 13, 2026, 3:12 PM

Add GCP Workload Identity Federation onboarding option

f264699

Generated-By: mintlify-agent

mintlify Bot deployed to staging May 13, 2026 15:12 View deployment