by woodruffw
1262 days ago
I assume what they meant is having AWS accept short-lived OIDC tokens from Circle's OIDC provider, which in turn would generate them on demand when the CI is actually run. There'd be no secrets at rest and the attack surface would be (in principle) smaller.