gcp-vault
fyi point of optimization
Since most (if not all?) GCP services are now being run within infrastructure that has a colocated metadata server, there are two things that can change here that make this faster:
1. not using the IAM server to sign JWTs, but using the JWTs the metadata server can make for you specifically for Vault
2. by doing (1) you no longer need to figure out the service account email, so you can skip a call to the metadata server for the email (if you've been using that)

Simply doing (1) should also speed things up, because it's the difference between going somewhere to get something and having it next to you.
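
The metadata-server path suggested above, as an added Go example that is not part of the original post or of gcp-vault's own code. It assumes a Vault role that accepts metadata-issued identity tokens (the `gce` role type) on the default `gcp` auth mount; the audience `http://vault/my-role` and role name `my-role` are placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// IdentityToken asks the metadata server at base for a Google-signed JWT bound to audience.
func IdentityToken(c *http.Client, base, audience string) (string, error) {
	q := url.Values{"audience": {audience}, "format": {"full"}}
	path := "/computeMetadata/v1/instance/service-accounts/default/identity"
	req, err := http.NewRequest(http.MethodGet, base+path+"?"+q.Encode(), nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Metadata-Flavor", "Google") // the server rejects requests without it
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	// The real server echoes Metadata-Flavor; without it, something else answered.
	if resp.StatusCode != http.StatusOK || resp.Header.Get("Metadata-Flavor") != "Google" {
		return "", fmt.Errorf("unexpected metadata response: %s", resp.Status)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 16<<10))
	tok := strings.TrimSpace(string(body))
	if err != nil || strings.Count(tok, ".") != 2 {
		return "", fmt.Errorf("metadata server did not return a JWT")
	}
	return tok, nil
}

func main() {
	c := &http.Client{Timeout: 2 * time.Second}
	// Audience and role name are placeholders; use the values your Vault role expects.
	jwt, err := IdentityToken(c, "http://metadata.google.internal", "http://vault/my-role")
	if err != nil {
		fmt.Println("metadata server unreachable (not on GCP?):", err)
		return
	}
	body, _ := json.Marshal(map[string]string{"role": "my-role", "jwt": jwt})
	fmt.Printf("POST /v1/auth/gcp/login with a %d-byte body\n", len(body))
}
```

The `default` service-account alias in the path is what removes the separate email lookup, and the token is only counted, never printed, because it is a bearer credential for the Vault role.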