diff --git a/chart/infra-server/static/flavors.yaml b/chart/infra-server/static/flavors.yaml
index f05661e96..d70b4d6c8 100644
--- a/chart/infra-server/static/flavors.yaml
+++ b/chart/infra-server/static/flavors.yaml
@@ -979,6 +979,11 @@
       value: us-east1
       kind: optional
 
+    - name: enable-wif
+      description: Use Workload Identity Federation instead of service account key
+      value: "false"
+      kind: optional
+
   artifacts:
     - name: kubeconfig
       description: Kube config for connecting to this cluster
diff --git a/chart/infra-server/static/workflow-osd-gcp.yaml b/chart/infra-server/static/workflow-osd-gcp.yaml
index 0107bbfa3..66ffa951c 100644
--- a/chart/infra-server/static/workflow-osd-gcp.yaml
+++ b/chart/infra-server/static/workflow-osd-gcp.yaml
@@ -14,6 +14,8 @@ spec:
         value: "m5.xlarge"
       - name: gcp-region
         value: us-east1
+      - name: enable-wif
+        value: "false"
   volumeClaimTemplates:
     - metadata:
         name: data
@@ -76,6 +78,8 @@ spec:
             value: "infra"
           - name: GCP_REGION
             value: '{{ "{{" }}workflow.parameters.gcp-region{{ "}}" }}'
+          - name: ENABLE_WIF
+            value: '{{ "{{" }}workflow.parameters.enable-wif{{ "}}" }}'
         volumeMounts:
           - name: data
             mountPath: /data
@@ -152,6 +156,8 @@ spec:
                 key: GCP_SERVICE_ACCOUNT_KEY_BASE64
           - name: GCP_PROJECT
             value: "acs-team-temp-dev"
+          - name: ENABLE_WIF
+            value: '{{ "{{" }}workflow.parameters.enable-wif{{ "}}" }}'
         volumeMounts:
           - name: data
             mountPath: /data