- the authenticated user, for credentials the user owns and manages
- a service account, for credentials used by services that run as that account
container.run_as) and service-account permissions rather than project-level secret references.
User and service-account secrets in MeshAgent.
container.run_as) and service-account permissions rather than project-level secret references.