load-secrets-action icon indicating copy to clipboard operation
load-secrets-action copied to clipboard

Published 20 hours ago verified publisher icon 1Password

Allow OIDC to be used between 1password and GitHub Actions

Open scott-doyland-burrows opened this issue 1 year ago • 2 comments

Currently a 1password token is needed to be held in GitHub Actions as below:

OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

Can OIDC integration be implemented so the token can be removed.

If OIDC is integrated then please implement like it is between AWS and GitHub Actions, where we can use wildcards for repo names and we do not need to specify a GitHub Actions environment or branch.

Please do not implement like Azure where wildcards are not possible - as this is just so limiting to have to keep adding every single repo to the OIDC config.

scott-doyland-burrows avatar Jul 08 '23 07:07 scott-doyland-burrows

OIDC authentication for the GitHub action is something we're investigating! Would indeed be great if we can remove the static token per repo.

florisvdg avatar Jul 11 '23 12:07 florisvdg

Is there any news on how this is progressing?

scott-doyland-burrows avatar Mar 10 '24 09:03 scott-doyland-burrows