by jopsen 2229 days ago
I wish GitHub Actions had a mechanism for authenticating to third-party services without secrets.

It could be as simple as calling a metadata API only available from inside a GitHub Actions container and obtaining an OAuth2 token/JWT for an external audience.

1 comment

This would be great. Then we could reliably use something like vault to store secrets with individual acls per-workflow, and have reasonable confidence that only that single workflow can access them.
I don't get the obsession with secrets...

Why not give us some signed JWTs for external authentication?

Secrets are only good for legacy systems.
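The flow the post asks for, together with the per-workflow ACL the first reply wants a store like Vault to enforce, as an added example that is not code from this thread, from GitHub, or from Vault. A simulated in-container metadata API mints a short-lived JWT bound to a caller-chosen audience; the secrets store holds only the issuer's Ed25519 public key (no shared secret), checks signature, issuer, audience and expiry, and then maps the attested workflow identity onto an ACL. The issuer URL `https://ci-idp.example`, the `repository` and `workflow` claims, the `secrets-store` audience and the ACL entries are assumptions made up for the example; GitHub Actions has since shipped an OIDC id-token endpoint along these lines, but the claim names below are not GitHub's, and a real relying party fetches the public key from the issuer's JWKS endpoint rather than generating it in-process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the token body. The CI-specific claims (Repository, Workflow)
// are an assumption about what such a metadata API would attest to.
type Claims struct {
	Iss        string `json:"iss"`
	Sub        string `json:"sub"`
	Aud        string `json:"aud"`
	Iat        int64  `json:"iat"`
	Exp        int64  `json:"exp"`
	Repository string `json:"repository"`
	Workflow   string `json:"workflow"`
}

const issuer = "https://ci-idp.example" // hypothetical CI identity provider

var b64 = base64.RawURLEncoding

// Mint simulates the in-container metadata API: it returns a five-minute JWT
// bound to the requested audience, signed with the CI provider's key.
func Mint(priv ed25519.PrivateKey, repo, workflow, aud string, now time.Time) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "EdDSA", "typ": "JWT"})
	body, _ := json.Marshal(Claims{
		Iss: issuer, Sub: repo + ":" + workflow, Aud: aud,
		Iat: now.Unix(), Exp: now.Add(5 * time.Minute).Unix(),
		Repository: repo, Workflow: workflow,
	})
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	sig := ed25519.Sign(priv, []byte(signingInput))
	return signingInput + "." + b64.EncodeToString(sig)
}

// Verify is the relying-party side (the secrets store). It holds only the
// issuer's public key and rejects tokens whose signature, issuer, audience
// or lifetime do not check out. Claims are only decoded after the signature
// has been verified.
func Verify(pub ed25519.PublicKey, token, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	// "alg" comes from untrusted input: pin the one algorithm we accept
	// instead of letting the token choose the verification method.
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "EdDSA" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("bad signature")
	}
	bodyJSON, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(bodyJSON, &c); err != nil {
		return nil, err
	}
	if c.Iss != issuer {
		return nil, errors.New("wrong issuer")
	}
	if c.Aud != wantAud {
		return nil, errors.New("wrong audience")
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// ACL maps "repo:workflow" to the secret paths it may read: the
// per-workflow policy the reply above wants the secrets store to enforce.
// Entries are made up for the example.
var ACL = map[string][]string{
	"acme/app:deploy": {"prod/db", "prod/api-key"},
	"acme/app:ci":     {"test/db"},
}

// Authorize verifies the token and then checks the attested workflow
// identity against ACL for the requested secret path.
func Authorize(pub ed25519.PublicKey, token, aud, path string, now time.Time) error {
	c, err := Verify(pub, token, aud, now)
	if err != nil {
		return err
	}
	for _, p := range ACL[c.Repository+":"+c.Workflow] {
		if p == path {
			return nil
		}
	}
	return fmt.Errorf("workflow %q of %q may not read %q", c.Workflow, c.Repository, path)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	tok := Mint(priv, "acme/app", "deploy", "secrets-store", now)
	fmt.Println(Authorize(pub, tok, "secrets-store", "prod/db", now))
	fmt.Println(Authorize(pub, tok, "secrets-store", "test/db", now))
	fmt.Println(Authorize(pub, tok, "other-service", "prod/db", now))
	fmt.Println(Authorize(pub, tok, "secrets-store", "prod/db", now.Add(time.Hour)))
}
```

The negative cases carry the security argument: a token minted for `other-service` cannot be replayed against the secrets store because the audience is inside the signed body, an expired token is refused even though its signature is still valid, and a workflow only sees the paths its ACL entry lists. The store never holds anything a leaked workflow log could expose, which is the point of the original request.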