[mikedelago]

Yeah, weird for them to do that. Managing credentials like that sucks even from an ergonomics standpoint.

In practice, it's pretty normal to use OIDC to authenticate Github Actions to AWS:

https://docs.github.com/en/actions/deployment/security-harde...

[thinkmassive]

Ok yeah, looks like they recently added OIDC support: https://docs.digger.dev/cloud-providers/authenticating-with-...

They should update the main readme to include this under Features, and also call it out in the demo files.