-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use OIDC creds to deploy #364
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great @camertron, thanks for moving this over ✨. Have you verified this works in staging?
One comment about using secrets for the creds. Even if those values aren't compromising, I think we should mitigate by following the examples in docs verbatim.
Unfortunately this doesn't work in staging yet because the Edit: staging should be working now |
Had to submit the change in two PRs: https://github.com/github/azure-rbac/pull/970 https://github.com/github/azure-rbac/pull/971, but now everything appears to be working 🎉 |
This PR performs deploys using federated OIDC credentials in favor of the existing basic auth-based publish profile. Can confirm it works for prod deploys 👍
See also: