CircleCI should support workload identity to allow pipelines to authenticate with cloud providers without the requirement for secrets or certificates.
Google and Azure do provide mechanisms to generate short-lived tokens where the tenants don't have to extract secrets that could be leaked.