{"id":16780492,"url":"https://github.com/artis3n/course-vault-github-oidc","last_synced_at":"2026-01-03T20:03:10.438Z","repository":{"id":65299168,"uuid":"588659564","full_name":"artis3n/course-vault-github-oidc","owner":"artis3n","description":"Take this course to learn how to create fine-grained, least-privilege HashiCorp Vault roles for GitHub Action workflows using GitHub OIDC.","archived":false,"fork":false,"pushed_at":"2024-03-31T12:40:27.000Z","size":70,"stargazers_count":13,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-23T06:45:16.813Z","etag":null,"topics":["oidc","secrets","secrets-management","skills-course","vault","workflows"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/artis3n.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-13T17:06:05.000Z","updated_at":"2023-08-03T14:41:03.000Z","dependencies_parsed_at":"2025-01-23T06:44:08.238Z","dependency_job_id":"1a75528f-1729-451a-bee6-61959b21e358","html_url":"https://github.com/artis3n/course-vault-github-oidc","commit_stats":null,"previous_names":[],"tags_count":0,"template":true,"template_full_name":"skills/template-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artis3n%2Fcourse-vault-github-oidc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artis3n%2Fcourse-vault-github-oidc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artis3n%2Fcourse-vault-github-oidc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/artis3n%2Fcourse-vault-github-oidc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/artis3n","download_url":"https://codeload.github.com/artis3n/course-vault-github-oidc/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243925990,"owners_count":20369914,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oidc","secrets","secrets-management","skills-course","vault","workflows"],"created_at":"2024-10-13T07:35:16.640Z","updated_at":"2026-01-03T20:03:10.342Z","avatar_url":"https://github.com/artis3n.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cheader\u003e\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Header of the course \u003e\u003e\u003e\n  Read \u003chttps://skills.github.com/quickstart\u003e for more information about how to build courses using this template.\n  Include a 1280×640 image, course name in sentence case, and a concise description in emphasis.\n  In your repository settings: enable template repository, add your 1280×640 social image, auto delete head branches.\n  Next to \"About\", add description \u0026 tags; disable releases, packages, \u0026 environments.\n  Add your open source license, GitHub uses Creative Commons Attribution 4.0 International.\n--\u003e\n\n# Getting secrets from HashiCorp Vault with GitHub OIDC in Action workflows\n\nUnderstand the principles behind configuring OIDC authentication from GitHub Action workflows to HashiCorp Vault for least-privilege access to secrets from CI/CD pipelines.\n\n\u003c/header\u003e\n\n- **Who is this for**: Developers, security engineers, and operators of secrets management programs.\n- **What you'll learn**: How to use GitHub OIDC for fine-grained role access to secrets in HashiCorp Vault.\n- **What you'll build**: You will create three GitHub Action workflows retrieving secrets from Vault for the following use cases:\n  1. Non-production secrets for integration testing within pull requests\n  1. Production secrets for deployments of code from the main branch\n  1. Segregating access to secrets between jobs in a workflow file with [GitHub Environments](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment)\n- **Prerequisites**:\n  1. You should have basic proficiency working with HashiCorp Vault.\n  You should understand how Vault roles correspond to HCL policies and how policies grant access to secrets.\n  Completing HashiCorp's [Vault Getting Started](https://developer.hashicorp.com/vault/tutorials/getting-started) tutorial is sufficient.\n  1. You should also understand the layout of a GitHub Actions workflow file.\n  The GitHub tutorial [Continuous Integration](https://github.com/skills/continuous-integration) provides a good introduction.\n- **How long**: This course is 4 steps long and takes about 1 hour to complete.\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Start of the course \u003e\u003e\u003e\n  Include start button, a note about Actions minutes,\n  and tell the learner why they should take the course.\n  Each step should be wrapped in \u003cdetails\u003e/\u003csummary\u003e, with an `id` set.\n  The start \u003cdetails\u003e should have `open` as well.\n  Do not use quotes on the \u003cdetails\u003e tag attributes.\n--\u003e\n\n## How to start this course\n\n[![start-course](https://user-images.githubusercontent.com/1221423/235727646-4a590299-ffe5-480d-8cd5-8194ea184546.svg)](https://github.com/new?template_owner=artis3n\u0026template_name=course-vault-github-oidc\u0026owner=%40me\u0026name=course-vault-github-oidc\u0026description=Learn+how+to+create+fine-grained,+least-privilege+HashiCorp+Vault+roles+for+GitHub+Action+workflows+using+GitHub+OIDC.\u0026visibility=public)\n\n1. Make sure you are signed in to GitHub.\nRight-click **Start course** and open the link in a new tab.\n2. In the new tab, most of the prompts will automatically fill in for you.\n    - For owner, choose your personal account or an organization to host the repository.\n    - We recommend creating a public repository — private repositories will [use Actions minutes](https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions).\n3. After your new repository is created, wait about 20 seconds, then refresh that page.\nFollow the step-by-step instructions in the new repository's README.\n\n\u003cfooter\u003e\n\n\u003c!--\n  \u003c\u003c\u003c Author notes: Footer \u003e\u003e\u003e\n  Add a link to get support, GitHub status page, code of conduct, license link.\n--\u003e\n\n---\n\nGet help: [Post in our discussion board](https://github.com/artis3n/course-vault-github-oidc/discussions) \u0026bull; Something not working? [File an issue ticket](https://github.com/artis3n/course-vault-github-oidc/issues)\n\n\u0026copy; 2022 Ari Kalfus \u0026bull; [Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md) \u0026bull; [CC-BY-4.0 License](https://creativecommons.org/licenses/by/4.0/legalcode)\n\n\u003c/footer\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fartis3n%2Fcourse-vault-github-oidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fartis3n%2Fcourse-vault-github-oidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fartis3n%2Fcourse-vault-github-oidc/lists"}