The URL http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/ is a core internal endpoint for the . It is used by applications running on Google Compute Engine (GCE), Cloud Run, or GKE to discover information about the service accounts attached to their environment.

Core Functionality
With the metadata server:
The metadata server is not a standard network service. It is or guest kernel driver. Traffic to 169.254.169.254 never leaves the physical host. The hypervisor injects signed tokens directly into the VM, trusting only the internal vNIC. This design prevents even root in the guest from stealing the long-term private key – they can only request time-limited tokens.
You can then append any of these account names to retrieve their access tokens, identity tokens, SSH keys, or email details.
: Generates an OAuth2 access token for the instance's primary service account.
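An added example (not from the original page or from Google): a Python client for the endpoint described above that lists the attached accounts, requests a token for one, and tracks when that time-limited token expires. The `Metadata-Flavor: Google` header and the `access_token`/`expires_in`/`token_type` response fields are the documented interface; the helper names, the 60-second skew, and the sample responses are constructed for illustration.

```python
import json
import time
import urllib.request

BASE = "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/"
HEADERS = {"Metadata-Flavor": "Google"}  # the server rejects requests without this header


def http_get(url):
    """Default fetcher: plain HTTP GET with the required header (only works on GCP)."""
    req = urllib.request.Request(url, headers=HEADERS)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def list_accounts(fetch=http_get):
    """The directory listing is newline-separated, one 'name/' entry per account."""
    body = fetch(BASE)
    return [line.rstrip("/") for line in body.splitlines() if line.strip()]


def get_token(account, fetch=http_get, now=time.time):
    """Request a short-lived OAuth2 access token for one attached account."""
    if not account or "/" in account:
        raise ValueError("account must be a single path segment")
    data = json.loads(fetch(BASE + account + "/token"))
    return {
        "access_token": data["access_token"],
        "token_type": data["token_type"],
        "expires_at": now() + int(data["expires_in"]),  # absolute expiry time
    }


def is_expired(token, skew=60, now=time.time):
    """Treat the token as expired `skew` seconds early so callers refresh in time."""
    return now() >= token["expires_at"] - skew


# Constructed responses standing in for the metadata server (not real values).
SAMPLE = {
    BASE: "default/\nexample-sa@example-project.iam.gserviceaccount.com/\n",
    BASE + "default/token": '{"access_token":"CONSTRUCTED","expires_in":3599,"token_type":"Bearer"}',
}

if __name__ == "__main__":
    accounts = list_accounts(SAMPLE.__getitem__)
    tok = get_token(accounts[0], SAMPLE.__getitem__, now=lambda: 1000.0)
    print(accounts, tok["expires_at"], is_expired(tok, now=lambda: 4550.0))
```

Because the token is the only credential the guest ever holds, caching it until shortly before `expires_at` and then re-requesting is the whole lifecycle; there is no key file to rotate or protect.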