Does rclone support using GKE Workload Identity

Hi All,

I'm using GKE and rclone as my initContainer to pull some data from GCP buckets. For that I am using the service account key (json key) from my rclone secret which is working fine, now if I use Google Workload Identity and have a service account linked with the GCP creds, how can I refer this config from my rclone secret ? Is this possible from rclone ?

Is it possible to use GKE workload identity where one doesn't need to create json key but use a service account and authenticate to the GCP buckets ?

There is a bit about this in the google cloud storage docs so I think it can be made to work in theory by not providing any auth for rclone. That said, neither of the links in the docs look very useful or even sensible.

The code for this was added in googlecloudstorage: fall back to default application credentials · rclone/rclone@e9a45a5 · GitHub and it uses the DefaultClient call to do its thing. Whether this will work for you, I don't know!