-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow API tokens to create attestations #752
Labels
Comments
jiparis
changed the title
Allow API tokens to create robot accounts
Allow API tokens to create attestations
May 7, 2024
This was referenced May 8, 2024
Is there anything left here? |
All done here, closing the issue. |
There were (are) two things missing
Are these completed? |
They are in progress. |
ok, are you tracking them in another task or smth? Should we reopen this issue? Whatever you prefer :) |
I'm using this one: https://github.com/chainloop-dev/platform/issues/630 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To ease the automatic onboarding of workflows, organizations might configure an API token globally, and then use it for creating the attestations. This means that:
The benefit of this approach would be organizations don't need to create a single robot account for each workflow (which could be problematic in orgs with dozens of jobs)
This change must be backwards compatible with current authz mechanisms, so we might need to rework the middlewares to allow multiple token providers.
This change should also be aligned with other potential authentication mechanisms, like using GitHub tokens, or any other ID provider.
Tasks
The text was updated successfully, but these errors were encountered: