
Add OIDC support to Authenticate Workloads for ESC

Open dirien opened this issue 1 year ago • 1 comments

Hello!

Currently, when using, for example, the ESC SDK, you need to provide the PAT to your program to connect to your different environments. This is fine for most scenarios.

But there is always the risk of accidentally leaking the PAT, giving a potentially malicious actor access to a whole lot of environments.

What would be really awesome would be to have an additional way to authenticate, in the form of OIDC and workload identity. Similar to what Vault or Infisical is doing!

Extending then the SDKs to handle the authentication process including the fetching of identity tokens for the user.

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

dirien avatar Oct 09 '24 18:10 dirien

See additional discussion on motivation for this issue here: https://github.com/pulumi/docs/pull/13054#pullrequestreview-2357840996

thoward avatar Oct 09 '24 18:10 thoward