Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maintenance: Migrate static keys to github OIDC for SAR pipeline #1353

Closed
2 tasks done
heitorlessa opened this issue Jul 22, 2022 · 1 comment · Fixed by #1355
Closed
2 tasks done

Maintenance: Migrate static keys to github OIDC for SAR pipeline #1353

heitorlessa opened this issue Jul 22, 2022 · 1 comment · Fixed by #1355
Labels
tech-debt Technical Debt tasks

Comments

@heitorlessa
Copy link
Contributor

heitorlessa commented Jul 22, 2022
edited
Loading

Summary

GitHub Actions introduced OIDC support (as used by E2E tests and Layer pipeline). This task tracks the migration from static keys to temporary credential via federation with OIDC.

Why is this needed?

Increase security posture by not having to rotate keys, making it also less error-prone.

Which area does this relate to?

Automation, Governance

Solution

No response

Acknowledgment
@heitorlessa heitorlessa added triage Pending triage from maintainers internal Maintenance changes labels Jul 22, 2022
@heitorlessa heitorlessa mentioned this issue Jul 22, 2022
Closed
2 tasks
@heitorlessa heitorlessa removed the triage Pending triage from maintainers label Jul 22, 2022
@heitorlessa heitorlessa linked a pull request Jul 22, 2022 that will close this issue
chore(ci): use OIDC and encrypt release secrets #1355
Merged
7 tasks
@github-actions
Copy link
Contributor

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

@heitorlessa heitorlessa added tech-debt Technical Debt tasks and removed internal Maintenance changes labels Apr 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tech-debt Technical Debt tasks
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(ci): use OIDC and encrypt release secrets heitorlessa/aws-lambda-powertools-python
1 participant
@heitorlessa