Do you have a microservice that is going to be consumed by various clients running on Google Compute Engine (GCE) instances in a VPC? Those clients are other microservices or applications running on instances. Sounds like normal service-to-service connectivity, right?
In Google Cloud Platform (GCP), we can expose our microservice using the API Gateway. API keys or service accounts are used to handle authentication in the API Gateway, depending on the use case. API keys are primarily used for identification and are covered in our previous article on Managing Google Cloud API Keys using Terraform. This time, we’re going to focus on service accounts and how to use them to sign JSON Web Tokens.