{"id":49151183,"url":"https://github.com/octopusdeploy/teamcity-oidc-plugin","last_synced_at":"2026-05-19T08:12:10.150Z","repository":{"id":348831944,"uuid":"1195767775","full_name":"OctopusDeploy/teamcity-oidc-plugin","owner":"OctopusDeploy","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-22T05:48:09.000Z","size":663,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-22T06:40:16.982Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"NorddeutscherRundfunk/teamcity-jwt-plugin","license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OctopusDeploy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-30T03:29:51.000Z","updated_at":"2026-04-22T05:21:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/OctopusDeploy/teamcity-oidc-plugin","commit_stats":null,"previous_names":["octopusdeploy/teamcity-oidc-plugin"],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/OctopusDeploy/teamcity-oidc-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OctopusDeploy%2Fteamcity-oidc-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OctopusDeploy%2Fteamcity-oidc-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OctopusDeploy%2Fteamcity-oidc-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OctopusDeploy%2Fteamcity-oidc-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OctopusDeploy","download_url":"https://codeload.github.com/OctopusDeploy/teamcity-oidc-plugin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OctopusDeploy%2Fteamcity-oidc-plugin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32356602,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"ssl_error","status_checked_at":"2026-04-27T20:07:00.910Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-22T06:07:46.751Z","updated_at":"2026-05-19T08:12:10.143Z","avatar_url":"https://github.com/OctopusDeploy.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TeamCity OIDC Plugin\n\nA TeamCity plugin that turns your TeamCity server into an OIDC identity provider, enabling workload identity federation with cloud services — no static credentials required.\n\nWhen a build starts, the plugin issues a signed JWT and injects it as the masked build parameter `jwt.token`. Cloud providers (AWS, Azure, GCP, Octopus Deploy) verify the token against the plugin's public JWKS endpoint and grant access based on the claims it contains. No secrets need to be stored in TeamCity or on the build agent.\n\n## Requirements\n\n- TeamCity 2025.11+\n- The TeamCity server root URL must be configured as `https://`\n- A custom encryption key is strongly recommended to be configured via TeamCity's `TEAMCITY_ENCRYPTION_KEYS` environment variable. Without it, the plugin's private signing keys are only obfuscated on disk — anyone with read access to a data-directory backup can recover them and forge tokens that every cloud account configured to trust this TeamCity will accept. See [Key Management](docs/key-management.md#key-storage-and-encryption).\n\n## Installation\n\nCopy the plugin zip to `\u003cTeamCity data directory\u003e/plugins/` and restart TeamCity.\n\n## Setup\n\n1. Add the **OIDC Identity Token** build feature to a build configuration.\n2. Configure the audience (`aud`) to match what your cloud provider expects.\n3. In your cloud provider, create an OIDC identity that trusts your TeamCity server as the issuer, and configure conditions based on the claims in the token.\n4. Reference the token in build steps as `%jwt.token%`.\n\n## Screenshot\n\n![OIDC Identity Token build feature](docs/images/screenshot-build-features.png)\n\n## Documentation\n\n- [How It Works](docs/how-it-works.md) — JWT issuance lifecycle, OIDC token verification flow, Test Connection\n- [Configuration Reference](docs/configuration.md) — build feature fields, token claims, cloud provider setup guides\n- [Key Management](docs/key-management.md) — key rotation, storage, and encryption at rest\n- [Development](docs/development.md) — building the plugin, plugin architecture\n\n## License\n\nLicensed under the [Apache License, Version 2.0](LICENSE).\n\nThis plugin is provided \"AS IS\", without warranty of any kind. The plugin issues JWTs that grant access to cloud resources — you are solely responsible for reviewing its suitability for your environment, securing your TeamCity instance, and configuring trust relationships in your cloud providers appropriately. See the LICENSE file for the full disclaimer of warranty and limitation of liability.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foctopusdeploy%2Fteamcity-oidc-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foctopusdeploy%2Fteamcity-oidc-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foctopusdeploy%2Fteamcity-oidc-plugin/lists"}