Workflows provides several security features that you can use. This page describes some security best practices to keep in mind when using Workflows to avoid unintentionally exposing your resources to vulnerabilities.

Create a new service account and grant it only the Identity and Access Management (IAM) roles that contain the minimum permissions required by your workflow. Do not use the default service account, because it is automatically granted the highly privileged Editor basic role, which includes a large number of permissions.
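One way to check a project against the service-account guidance above, as an added example that is not part of the original page or Google's own code. It assumes the project IAM policy and workflow list were exported as JSON (for example with `gcloud projects get-iam-policy` and `gcloud workflows list`, both with `--format=json`), that each workflow record carries a `serviceAccount` field, and that the default account is the Compute Engine default service account; all project, account and workflow names are constructed.

```python
import json

# Highly privileged basic roles that a workflow's identity should not hold.
BASIC_ROLES = {"roles/owner", "roles/editor"}
# Assumption: the default identity is the Compute Engine default service account.
DEFAULT_SA_SUFFIX = "-compute@developer.gserviceaccount.com"

# Constructed sample inputs in the assumed export shapes.
SAMPLE_POLICY = json.loads("""{"bindings": [
  {"role": "roles/editor", "members": [
    "serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
  {"role": "roles/secretmanager.secretAccessor", "members": [
    "serviceAccount:orders-wf@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner", "members": ["user:admin@example.com",
    "serviceAccount:legacy-wf@example-project.iam.gserviceaccount.com"]}]}""")
PREFIX = "projects/example-project"
SAMPLE_WORKFLOWS = [
    {"name": PREFIX + "/locations/us-central1/workflows/orders",
     "serviceAccount": PREFIX + "/serviceAccounts/orders-wf@example-project.iam.gserviceaccount.com"},
    {"name": PREFIX + "/locations/us-central1/workflows/nightly",
     "serviceAccount": "123456789012-compute@developer.gserviceaccount.com"},
    {"name": PREFIX + "/locations/us-central1/workflows/legacy",
     "serviceAccount": PREFIX + "/serviceAccounts/legacy-wf@example-project.iam.gserviceaccount.com"},
]

def sa_email(value):
    """Accept a bare e-mail or a projects/.../serviceAccounts/<email> path."""
    return value.rsplit("/", 1)[-1]

def roles_for(policy, email):
    """Project-level roles bound directly to the given service account."""
    member = "serviceAccount:" + email
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit(policy, workflows):
    """Return (workflow, finding) pairs for over-privileged identities."""
    findings = []
    for wf in workflows:
        name = wf["name"].rsplit("/", 1)[-1]
        email = sa_email(wf.get("serviceAccount", ""))
        if email.endswith(DEFAULT_SA_SUFFIX):
            findings.append((name, "runs as the default service account"))
        for role in sorted(roles_for(policy, email) & BASIC_ROLES):
            findings.append((name, "service account holds basic role " + role))
    return findings

if __name__ == "__main__":
    for workflow, finding in audit(SAMPLE_POLICY, SAMPLE_WORKFLOWS):
        print(workflow + ": " + finding)
```

The check only sees roles bound directly to the account in the project policy; roles inherited from a folder or organization, or granted through a group, need the policies of those resources as well.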
- [Follow general networking and security best practices](/architecture/framework/security).

- [Create your workflow using Terraform](/workflows/docs/create-workflow-terraform) so that you can store your environment's configuration as code in a repository.

- [Use customer-managed encryption keys](/workflows/docs/use-cmek) so that your workflow and associated data at rest are protected using an encryption key that only you can access.

- [Set up a service perimeter with VPC Service Controls](/workflows/docs/use-vpc-service-controls) to mitigate data exfiltration risks.

- [Use Secret Manager to secure and store sensitive data](/workflows/docs/use-secret-manager) such as API keys, passwords, and certificates. You can use a Workflows connector to access Secret Manager within a workflow and simplify the integration for you.

- [Use Cloud Tasks to manage delivery rates](/workflows/docs/create-http-task) and [use Cloud Scheduler to execute workflows on a recurring schedule](/workflows/docs/schedule-workflow). By automating and parameterizing the deployment and execution of your workflows, you ensure that you can repeatedly and consistently run your services, and also eliminate inconsistencies between environments such as testing, staging, and production. Note that Workflows doesn't ensure exactly-once processing of duplicate requests from Cloud Tasks.

What's next
-----------

- [Google Cloud security best practices center](/security/best-practices)

Last updated on 2025-09-04 UTC.