Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/nicholasdille/awesome-workload-identity


https://github.com/nicholasdille/awesome-workload-identity

List: awesome-workload-identity

oidc workload-identity

Last synced: 6 months ago
JSON representation

Awesome Lists containing this project

README 

          
# Awesome Workload Identity



Workload Identity aims to avoid using explicit credentials. Authentication is performed through an OpenID Connect provider which is trusted by both parties.



## By Consumer



### AWS



Kubernetes Service Accounts to AWS IAM role, a.k.a. [**I**AM **R**oles for Kubernetes **S**ervice **A**ccounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html), [mutating webhook](https://github.com/aws/amazon-eks-pod-identity-webhook)



GitLab CI to AWS ([GitLab official documentation](https://docs.gitlab.com/ee/ci/cloud_services/aws/))



GitHub Action to AWS ([GitHub official documentation](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services))



### Azure



Kubernetes Service Accounts to [Azure workload identity](https://github.com/Azure/azure-workload-identity)



GitLab CI to Azure ([GitLab official documentation](https://docs.gitlab.com/ee/ci/cloud_services/azure/))



GitHub Actions to Azure ([GitHub official documentation](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure))



### Cosign



[Keyless signing using OIDC tokens](https://docs.sigstore.dev/certificate_authority/oidc-in-fulcio/) for [GitHub](https://docs.sigstore.dev/certificate_authority/oidc-in-fulcio/#github), [GitLab](https://docs.sigstore.dev/certificate_authority/oidc-in-fulcio/#gitlab) and [SPIFFE](https://docs.sigstore.dev/certificate_authority/oidc-in-fulcio/#spiffe-1)



Keyless signing in GitLab CI ([GitLab official documentation](https://docs.gitlab.com/ee/ci/yaml/signing_examples.html))



### Google Cloud



GitHub Actions to GCP ([GCP official documentation](https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions))



GitLab CI to GCP ([GitLab official documentation](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/))



GitHub Actions to GCP ([GitHub official documentation](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-google-cloud-platform), [Google Cloud blog](https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions))



### Jfrog



GitHub Actions to JFrog ([GitHub official documentation](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog))



### Kubernetes



GitLab user against Kubernetes ([blog](https://www.hoelzel.it/kubernetes/2023/04/17/k3s-gitlab-oidc-copy.html))



## By Provider



**Checkout the list of OIDC providers in the [Awesome OpenID Connect](https://github.com/cerberauth/awesome-openid-connect?tab=readme-ov-file#openid-providers-op) list**



[GitHub OIDC](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect)



[GitLab OIDC provider](https://docs.gitlab.com/ee/integration/openid_connect_provider.html)



[Keycloak](https://www.keycloak.org/)



[dex](https://dexidp.io/)



[zitadel](https://github.com/zitadel)



[Kubernetes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery)



## Tools



kubectl plugin for Kubernetes OpenID Connect authentication ([GitHub repository](https://github.com/int128/kubelogin))