# Security best practices

Workflows provides several [security features](/workflows/docs/security-overview) that you can use. This page describes some security best practices to keep in mind when using Workflows to avoid unintentionally exposing your resources to vulnerabilities.

- [Follow general networking and security best practices](/architecture/framework/security).

- [Create a new service account](/workflows/docs/authentication) and grant it only the Identity and Access Management (IAM) roles that contain the minimum permissions required by your workflow. You should not use the default service account, because it is automatically granted the highly privileged Editor basic role, which includes a large number of permissions.

- [Create your workflow using Terraform](/workflows/docs/create-workflow-terraform) so that you can store your environment's configuration as code in a repository.

- [Use customer-managed encryption keys](/workflows/docs/use-cmek) so that your workflow and associated data at rest are protected using an encryption key that only you can access.

- [Set up a service perimeter with VPC Service Controls](/workflows/docs/use-vpc-service-controls) to mitigate data exfiltration risks.

- [Use Secret Manager to secure and store sensitive data](/workflows/docs/use-secret-manager) such as API keys, passwords, and certificates. You can use a Workflows connector to access Secret Manager within a workflow, which simplifies the integration.

- [Use Cloud Tasks to manage delivery rates](/workflows/docs/create-http-task) and [use Cloud Scheduler to execute workflows on a recurring schedule](/workflows/docs/schedule-workflow). By automating and parameterizing the deployment and execution of your workflows, you ensure that you can repeatedly and consistently run your services, and also eliminate inconsistencies between environments such as testing, staging, and production. Note that Workflows doesn't ensure exactly-once processing of duplicate requests from Cloud Tasks.

What's next
-----------

- [Google Cloud security best practices center](/security/best-practices)

Last updated: 2025-09-04 (UTC)
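
The Terraform sketch below is an added example, not configuration from the Workflows documentation. It combines four of the practices listed above: a dedicated service account, a role granted on a single secret, a customer-managed key, and the Secret Manager connector. The resource names, variables and the `api.example.com` URL are hypothetical. It assumes the secret and the KMS key already exist and that the Workflows service agent is allowed to use the key.

```hcl
# Added example; names, variables and the API URL are hypothetical.
variable "project_id" { type = string }
variable "region" { type = string }
variable "secret_id" { type = string } # short ID of an existing secret holding an API key
variable "kms_key" { type = string }   # full resource name of an existing CMEK key

# Dedicated identity for this one workflow, instead of the default
# service account and its Editor role.
resource "google_service_account" "workflow_sa" {
  project      = var.project_id
  account_id   = "orders-workflow"
  display_name = "Orders workflow"
}

# Grant read access to the one secret only, not a project-wide role.
resource "google_secret_manager_secret_iam_member" "read_api_key" {
  project   = var.project_id
  secret_id = var.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${google_service_account.workflow_sa.email}"
}

resource "google_workflows_workflow" "orders" {
  project         = var.project_id
  name            = "orders-workflow"
  region          = var.region
  service_account = google_service_account.workflow_sa.id
  crypto_key_name = var.kms_key

  # "$${...}" keeps Terraform from interpolating Workflows expressions.
  source_contents = <<-EOT
    main:
      steps:
        - get_api_key:
            call: googleapis.secretmanager.v1.projects.secrets.versions.accessString
            args:
              secret_id: ${var.secret_id}
              project_id: ${var.project_id}
            result: api_key
        - call_api:
            call: http.get
            args:
              url: https://api.example.com/orders
              headers:
                X-Api-Key: $${api_key}
            result: response
        - done:
            # Return only the status code so the secret never reaches execution results.
            return: $${response.code}
  EOT
}
```

Binding the role on the secret resource rather than on the project means this workflow's identity cannot read any other secret in the project.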