Hey @erikpack, the whole point of setting up Workload Identity Federation is to avoid having to create a key file. Workload Identity Federation allows you to effectively “bind” a Kubernetes service account to a GCP service account, enabling your pod running on Kubernetes to act with as many permissions as those held by a GCP service account.
So there is no key file. Authentication mode is “oauth” as opposed to “service-account”. So your profiles.yml should look as follows:
BigQuery setup | dbt Developer Hub (getdbt.com)
In other words, authentication will happen against the GCP service account that you created a binding to. No need to create any key file and point to it. You should authenticate using oauth.
Look at this response to a question similar to yours: How to run dbt on Cloud Composer and authenticate the service account - #4 by charles-astra
@meurant.naude excellent article! Perhaps it is worth mentioning how you set up your profiles.yml in this article.
-Diana
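
An added example, not part of the post above or of the linked documentation: a `profiles.yml` with a key-file target beside the `oauth` target the post describes. The profile name, target names, project, dataset and key path are placeholder assumptions.

```yaml
# profiles.yml (constructed example; all names and paths are placeholders)
my_dbt_project:
  # Select the keyless target for pods running under Workload Identity.
  target: wif

  outputs:
    # Before: long-lived JSON key mounted into the pod.
    # The key file is a static credential that must be stored, rotated
    # and protected from anyone who can read the pod's filesystem.
    keyfile:
      type: bigquery
      method: service-account
      keyfile: /secrets/gcp/key.json   # placeholder path
      project: my-gcp-project          # placeholder
      dataset: analytics               # placeholder
      threads: 4

    # After: no key material in the profile at all.
    # With method "oauth", dbt-bigquery relies on Application Default
    # Credentials; on a pod whose Kubernetes service account is bound to
    # a GCP service account, those credentials are short-lived tokens
    # issued for the bound GCP service account.
    wif:
      type: bigquery
      method: oauth
      project: my-gcp-project          # placeholder
      dataset: analytics               # placeholder
      threads: 4
```

Once the `wif` target works, the `keyfile` target and the mounted secret can be deleted, and the key itself revoked on the GCP service account.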