Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow API tokens to create attestations #752

Closed
4 of 6 tasks
jiparis opened this issue May 7, 2024 · 6 comments
Closed
4 of 6 tasks

Allow API tokens to create attestations #752

jiparis opened this issue May 7, 2024 · 6 comments

Comments

@jiparis
Copy link
Member

jiparis commented May 7, 2024

To ease the automatic onboarding of workflows, organizations might configure an API token globally, and then use it for creating the attestations. This means that:

  • org ID will be provided by the API token
  • workflow ID will be provided as an option in the CLI

The benefit of this approach would be organizations don't need to create a single robot account for each workflow (which could be problematic in orgs with dozens of jobs)

This change must be backwards compatible with current authz mechanisms, so we might need to rework the middlewares to allow multiple token providers.

This change should also be aligned with other potential authentication mechanisms, like using GitHub tokens, or any other ID provider.

Tasks

@migmartri
Copy link
Member

Is there anything left here?

@javirln
Copy link
Member

javirln commented May 14, 2024

Is there anything left here?

All done here, closing the issue.

@javirln javirln closed this as completed May 14, 2024
@migmartri
Copy link
Member

There were (are) two things missing

  • document the attestaiton process with API tokens in the docs
  • use it in one of our workflows

Are these completed?

@javirln
Copy link
Member

javirln commented May 14, 2024

There were (are) two things missing

  • document the attestaiton process with API tokens in the docs
  • use it in one of our workflows

Are these completed?

They are in progress.

@migmartri
Copy link
Member

ok, are you tracking them in another task or smth? Should we reopen this issue? Whatever you prefer :)

@javirln
Copy link
Member

javirln commented May 14, 2024

I'm using this one: https://github.com/chainloop-dev/platform/issues/630

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants