IBM Data and AI Ideas Portal for Customers


This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).



Status Planned for future release
Created by Guest
Created on Aug 16, 2024

How can we use Workload Identity Federation (WIF) to access GCP from IBM CDC?

At present we are using a Service Account JSON key to access GCP from IBM CDC, and that JSON key expires every 90 days, after which it has to be manually configured every time on the CDC side.

Due to this there is going to be a huge impact on the Production replication process. When the key expires, the connection from CDC to GCP will be lost, the access server will go down, and the entire replication process will be in a failed state until we get the new JSON key from the GCP platform team and configure it in CDC.

We came to know there is one more feature available in GCP called Workload Identity Federation (WIF), which eliminates the maintenance and security burden associated with service account keys.
To access the SA using WIF, the GCP platform team will provide the below inputs:
1. Client id
2. Client secret id
3. JSON file with the WIF details for the SA.

We need to understand from the IBM side whether the CDC tool has the option to use WIF to access GCP. If so, please provide the steps/procedures for using this feature in the current CDC version.

Looking forward to getting a solution for WIF features from IBM.

Needed By Not sure -- Just thought it was cool
  • Admin
    Davendra Paltoo
    Nov 8, 2024

    IBM update.

    After review, we think that the requirement is valid. We plan to provide a solution for use of WIF to access GCP from CDC. We will provide more updates as work progresses.

  • Admin
    Davendra Paltoo
    Nov 4, 2024

    Thanks for the feedback!

  • Guest
    Oct 29, 2024

    Yes, WIF will have a permanent access token, which the GCP team will provide to us, and it will never expire. But it has to be refreshed every 15-30 mins to keep the communication channel active, as the token will be active for ~60 mins. The CDC tool should be enabled to use the WIF feature to communicate with GCP BQ.


    On the other hand, the Service Account JSON key has an expiry period of 90 days; because of this they advised us to use WIF to avoid any sudden failure in our replication process. Yes, they have prior notice features, but even so we have to bring our CDC services down to implement the new JSON key, which will stop the replication process.

  • Admin
    Davendra Paltoo
    Oct 18, 2024

    IBM Update

    From our research, it looks like Workload Identity Federation (WIF) also needs an expiring access token. Can a permanent access token be made? If yes, how?


    As a suggested workaround, can the Service Account json key expiry be planned for to avoid a sudden replication failure e.g. by periodically updating the key?
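
The refresh pattern discussed in this thread (a token valid for about 60 minutes, renewed before it lapses so the service never has to be restarted), as an added example that is not IBM CDC or Google code. `fetch_token` is a hypothetical stand-in for the WIF token exchange, and the 30-minute margin is an assumption taken from the figures quoted in the comments.

```python
import threading
import time
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class _Cached:
    value: str
    expires_at: float  # clock() reading at which the token stops being valid


class RefreshingToken:
    """Cache a short-lived access token in memory and renew it before expiry.

    fetch_token (hypothetical) performs the token exchange and returns
    (token, lifetime_seconds). refresh_margin is how long before expiry a
    renewal is attempted.
    """

    def __init__(self, fetch_token: Callable[[], Tuple[str, float]],
                 refresh_margin: float = 30 * 60,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_token
        self._margin = refresh_margin
        self._clock = clock
        self._lock = threading.Lock()  # one refresh at a time across threads
        self._cached: Optional[_Cached] = None

    def get(self) -> str:
        with self._lock:
            now = self._clock()
            c = self._cached
            if c is None or c.expires_at - now <= self._margin:
                try:
                    value, lifetime = self._fetch()
                    self._cached = c = _Cached(value, now + lifetime)
                except Exception:
                    # Exchange failed: keep serving the old token while it is
                    # still valid so a brief outage does not stop replication.
                    if c is None or c.expires_at <= now:
                        raise
            return c.value
```

Because renewal starts well inside the token's lifetime, a failed exchange leaves time for retries before the connection is actually lost.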