{"id":31441311,"url":"https://github.com/astral-sh/ambient-id","last_synced_at":"2026-02-09T19:05:11.343Z","repository":{"id":313988805,"uuid":"1052833194","full_name":"astral-sh/ambient-id","owner":"astral-sh","description":"A library for accessing ambient OpenID Connect tokens","archived":false,"fork":false,"pushed_at":"2025-12-09T16:32:50.000Z","size":87,"stargazers_count":4,"open_issues_count":5,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-27T00:02:26.693Z","etag":null,"topics":["authentication","github-actions","gitlab-ci","oidc"],"latest_commit_sha":null,"homepage":"https://crates.io/crates/ambient-id","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/astral-sh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-08T15:59:45.000Z","updated_at":"2026-01-10T19:05:00.000Z","dependencies_parsed_at":"2025-09-09T23:57:19.695Z","dependency_job_id":"5154cee4-55b2-413e-be5b-a55fd4d2e948","html_url":"https://github.com/astral-sh/ambient-id","commit_stats":null,"previous_names":["astral-sh/ambient-id"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/astral-sh/ambient-id","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/astral-sh%2Fambient-id","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/astral-sh%2Fambient-id/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/astral-sh%2Fambient-id/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/astral-sh%2Fambient-id/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/astral-sh","download_url":"https://codeload.github.com/astral-sh/ambient-id/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/astral-sh%2Fambient-id/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29044104,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","github-actions","gitlab-ci","oidc"],"created_at":"2025-09-30T16:42:33.367Z","updated_at":"2026-02-03T11:17:24.666Z","avatar_url":"https://github.com/astral-sh.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ambient-id\n\n[![Crates.io Version](https://img.shields.io/crates/v/ambient-id)](https://crates.io/crates/ambient-id)\n\nA library for accessing ambient OIDC credentials in a variety of environments.\n\nThis crate serves the same purpose as Python's [id] library.\n\n## Supported environments\n\n`ambient-id` currently supports ambient OIDC credential detection in the\nfollowing environments:\n\n* GitHub Actions\n\n  - GitHub Actions requires the `id-token: write` permission to be set\n    at the job or workflow level. In general, users should set this at the\n    job level to limit the scope of the permission.\n\n    For additional information on OpenID Connect in GitHub Actions, see the\n    [GitHub documentation].\n\n* GitLab CI\n\n  - On GitLab, this crate looks for an `\u003cAUD\u003e_ID_TOKEN` environment variable,\n    where `\u003cAUD\u003e` is the audience string with non-alphanumeric characters\n    replaced by underscores and converted to uppercase. For example, if the\n    audience is `sigstore`, the crate will look for a `SIGSTORE_ID_TOKEN`\n    environment variable.\n\n    For additional information on OpenID Connect and `\u003cAUD\u003e_ID_TOKEN`\n    environment variables, see the [GitLab documentation].\n\n* Buildkite\n\n  - On Buildkite, this crate invokes\n    `buildkite-agent oidc request-token --audience \u003cAUD\u003e` to obtain the token.\n\n    If you're using Buildkite's [Docker plugin], you'll need to\n    propagate the environment and mount the Buildkite agent binary into\n    the container for this to work correctly.\n\n    Specifically, you'll need `propagate-environment: true` and\n    `mount-buildkite-agent: true` set in your plugin configuration.\n\n    For additional information on OpenID Connect in Buildkite, see the\n    [Buildkite documentation].\n  \n* CircleCI\n\n  - On CircleCI, this crate invokes\n    `circleci run oidc get --root-issuer --claims '{\"aud\": \u003cAUD\u003e}'`\n    to obtain the token.\n  \n    This crate only uses `--root-issuer`; per-organization issuers aren't\n    supported. \n\n## Development\n\nTo run tests:\n\n```sh\nRUST_TEST_THREADS=1 cargo test\n```\n\nYou **must** pass `RUST_TEST_THREADS=1` to ensure tests are run in a single\nthread, as this crate's tests manipulate environment variables and are not\nthread-safe.\n\n## License\n\nambient-id is licensed under either of\n\n* Apache License, Version 2.0, ([LICENSE-APACHE] or https://www.apache.org/licenses/LICENSE-2.0)\n* MIT license ([LICENSE-MIT] or https://opensource.org/licenses/MIT)\n\nat your option.\n\nUnless you explicitly state otherwise, any contribution intentionally\nsubmitted for inclusion in ambient-id by you, as defined in the Apache-2.0\nlicense, shall be dually licensed as above, without any additional terms or\nconditions.\n\n\u003cdiv align=\"center\"\u003e\n  \u003ca target=\"_blank\" href=\"https://astral.sh\" style=\"background:none\"\u003e\n    \u003cimg src=\"https://raw.githubusercontent.com/astral-sh/uv/main/assets/svg/Astral.svg\" alt=\"Made by Astral\"\u003e\n  \u003c/a\u003e\n\u003c/div\u003e\n\n[id]: https://pypi.org/project/id/\n[GitHub documentation]: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect\n[GitLab documentation]: https://docs.gitlab.com/ci/secrets/id_token_authentication/\n[Docker plugin]: https://github.com/buildkite-plugins/docker-buildkite-plugin\n[Buildkite documentation]: https://buildkite.com/docs/pipelines/security/oidc\n[LICENSE-APACHE]: ./LICENSE-APACHE\n[LICENSE-MIT]: ./LICENSE-MIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fastral-sh%2Fambient-id","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fastral-sh%2Fambient-id","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fastral-sh%2Fambient-id/lists"}