Add OIDC support to Authenticate Workloads for ESC #402
Labels
kind/enhancement
Improvements or new features
Milestone
Comments
dirien
added
kind/enhancement
dirien
changed the title
|
See additional discussion on motivation for this issue here: pulumi/docs#13054 (review) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello!
Currently, when using for example the ESC SDK you need to provide the PAT to your program to connect to your different environments. This is fine for most scenarios.
But there is always the risk to accidentally leak the PAT giving a potential malicious actor access to a whole lot of environments.
What would be really awesome, would be to have an additional way to authentiacte, in form of OIDC and workload identity. Similar Vault or infisical is doing!
Extending then the SDKs to handle the authentication process including the fetching of identity tokens for the user.
The text was updated successfully, but these errors were encountered: