Skip to content

fix: use npm trusted publishing via OIDC, remove AWS/Secrets Manager#4

Merged
anshultibby-at merged 1 commit intomainfrom
fix/npm-secret-path
Mar 26, 2026
Merged

fix: use npm trusted publishing via OIDC, remove AWS/Secrets Manager#4
anshultibby-at merged 1 commit intomainfrom
fix/npm-secret-path

Conversation

@anshultibby-at
Copy link
Copy Markdown
Collaborator

@anshultibby-at anshultibby-at commented Mar 26, 2026
edited
Loading

Summary

  • Replaces AWS OIDC + Secrets Manager token fetching with npm's native trusted publishing (shipped 2026-03-25)
  • Removes --provenance flag — provenance is generated automatically when publishing via OIDC from a public repo
  • Drops contents: write from the publish job (only id-token: write needed now)

Required follow-up

  • Configure trusted publisher on npmjs.com: package Settings → Trusted Publisher → GitHub Actions
    • Repository: Airtable/airtable-cli
    • Workflow filename: release.yml

Test plan

  • Configure trusted publisher on npmjs.com first (above)
  • Trigger a release tag and verify publish succeeds without a token

🤖 Generated with Claude Code

@anshultibby-at @claude
fix: update npm token secret path to /hyperbase/airtable_cli_npm
8fbbdf0 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@anshultibby-at anshultibby-at merged commit bb3197a into main Mar 26, 2026
6 checks passed
@anshultibby-at anshultibby-at changed the title fix: update npm token secret path to /hyperbase/airtable_cli_npm fix: use npm trusted publishing via OIDC, remove AWS/Secrets Manager Mar 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@anshultibby-at