Use OpenID Connect (OIDC) for cloud authentication?
- Instead of long-lived access keys, use federated identity:
  ■ AWS/GCP trusts GitHub’s identity token.
  ■ Short-lived credentials are issued dynamically.
Example for AWS:
permissions:
  id-token: write
  contents: read
Real-world example:
In one project, we replaced static AWS keys with OIDC-based auth in GitHub Actions
— no more long-lived tokens, and access was automatically scoped per workflow.
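On the AWS side, the scoping comes from the IAM role's trust policy, which should pin the token's sub and aud claims. The following is an added example, not code from the original page: a small audit function for such trust policies. It assumes GitHub's default sub format (repo:OWNER/REPO:...) and the sts.amazonaws.com audience; the account ID, organisation and repository names are constructed placeholders.

```python
GH_OIDC = "token.actions.githubusercontent.com"

def _claim(stmt, claim):
    """(operator, value) pairs for one GitHub claim; IAM condition keys are case-insensitive."""
    pairs = []
    for op, keys in stmt.get("Condition", {}).items():
        for key, vals in keys.items():
            if key.lower() == f"{GH_OIDC}:{claim}":
                pairs += [(op.lower(), v) for v in (vals if isinstance(vals, list) else [vals])]
    return pairs

def audit_trust_policy(policy):
    """Return findings for Allow statements that federate to GitHub's OIDC provider."""
    findings = []
    stmts = policy.get("Statement", [])
    for i, st in enumerate(stmts if isinstance(stmts, list) else [stmts]):
        principal = st.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = fed if isinstance(fed, list) else [fed]
        if st.get("Effect") != "Allow" or not any(f.endswith("oidc-provider/" + GH_OIDC) for f in fed):
            continue
        subs = _claim(st, "sub")
        if not subs:
            findings.append(f"statement {i}: no 'sub' condition, any GitHub repository can assume the role")
        for op, val in subs:
            # Assumed default sub format repo:OWNER/REPO:...; a wildcard in OWNER/REPO widens trust.
            scope = val.split(":")[1] if val.startswith("repo:") else val
            if op == "stringlike" and ("*" in scope or "?" in scope):
                findings.append(f"statement {i}: wildcard in repository part of sub '{val}'")
        if ("stringequals", "sts.amazonaws.com") not in _claim(st, "aud"):
            findings.append(f"statement {i}: 'aud' is not pinned to sts.amazonaws.com")
    return findings

def _policy(condition):
    """Build a constructed trust policy (placeholder account ID, hypothetical helper)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{GH_OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Constructed sample policies: one scoped to a single branch, two too permissive.
AUD = {f"{GH_OIDC}:aud": "sts.amazonaws.com"}
SCOPED = _policy({"StringEquals": {**AUD, f"{GH_OIDC}:sub": "repo:example-org/app:ref:refs/heads/main"}})
NO_SUB = _policy({"StringEquals": AUD})
ORG_WIDE = _policy({"StringEquals": AUD, "StringLike": {f"{GH_OIDC}:sub": "repo:example-org/*:*"}})

if __name__ == "__main__":
    for name, pol in [("SCOPED", SCOPED), ("NO_SUB", NO_SUB), ("ORG_WIDE", ORG_WIDE)]:
        print(name, audit_trust_policy(pol) or "ok")
```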