# ask-metaflow
Hi, first, huge thanks for your help and work on this project. Have been using Airflow in prod for several years now & looking forward to making a switch. I am in the process of testing a deployment of Metaflow on GCP / GKE, following the tutorial here: https://outerbounds.com/engineering/deployment/gcp-k8s/deployment/. I'm familiar with Terraform & we use it for all our deployments. My question concerns a step where the deployment violates a pretty common security constraint: `constraints/iam.disableServiceAccountKeyCreation`, by asking for the key for the security account to be created & exported as part of `module.infra.google_service_account_key.metaflow_kubernetes_workload_identity_service_account_key`. My question: Is this necessary for the architecture? As described here: https://cloud.google.com/kubernetes-engine/docs/how-to/service-accounts but does not seem to require sharing keys.