Identity Federation #5668
Replies: 3 comments 1 reply
-
Just stopping by to add a link to the GitHub Actions OIDC support:
-
We've definitely considered the actions type approach to allow easier auth to cloud platform providers. It is worth noting that some amount of the existing cloud provider infra e.g.
-
I'm getting started with codespaces so forgive me if this already exists. I haven't seen it in the docs yet. I want to start a codespace from a custom docker image from a private ECR repo. Right now, I think the only way is to create an IAM user/keypair and then set the With actions I can use the OIDC provider to authenticate. It would be great to use the same auth mechanism in codespaces too.
-
Hi,
This is probably a super big ask, but I think it is potentially huge.
Right now, when I am using a Code Space, it appears as though it is private to me as a user. Is that correct? That is, within a repository, the code space instances can't be shared by separate users. Yes, each user can have separate instances using the same images, &c, but the actual disk and contents are running for the individual user. I'm assuming that, given how the dotfiles and other things are mapped in.
Anyhow, what would be awesome is if there were a workload identity available for that instance that identified my GitHub user account, within the context of the organization and repo that I am working in. With this, if it is exposed somehow as a JWT with a public GitHub OIDC provider, I can then integrate my identity with Google Cloud, AWS, etc.
Reference topics:
My understanding is that some form of workload identity is coming to GitHub Actions. Pairing that same approach with Code Spaces would create a tremendous foundation for security.