[PR #24] [MERGED] Add articles on GitHub Actions OIDC secretless authentication and API protection #30

Closed
opened 2026-05-11 08:54:12 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/myugan/awesome-cicd-security/pull/24
Author: @eparon
Created: 5/9/2026
Status: Merged
Merged: 5/9/2026
Merged by: @myugan

Base: mainHead: add-oidc-github-actions-resources


📝 Commits (1)

  • 209d9dd Add articles on GitHub Actions OIDC secretless authentication and API protection

📊 Changes

1 file changed (+3 additions, -1 deletions)

View changed files

📝 README.md (+3 -1)

📄 Description

What

Adds two articles to the GitHub Actions section under Blogs:

  • Part 1: How GitHub Actions issues OIDC tokens and how to use them for secret-less authentication — covers non-human identities, token claims, and the trust chain from GitHub's IdP.
  • Part 2: End-to-end guide to protecting APIs using GitHub Actions OIDC tokens validated by Envoy Proxy, handling both authentication (authN) and authorization (authZ) concerns, as well as a reproducible lab setup.

Why

The existing GitHub Actions entries cover the attack surface (secret theft, argument injection, write-access abuse). These two articles cover the defensive side — eliminating long-lived secrets from CI/CD pipelines entirely via workload identity. Complements what's already there.


Happy to take along any edits/suggestions prior to merging.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/myugan/awesome-cicd-security/pull/24 **Author:** [@eparon](https://github.com/eparon) **Created:** 5/9/2026 **Status:** ✅ Merged **Merged:** 5/9/2026 **Merged by:** [@myugan](https://github.com/myugan) **Base:** `main` ← **Head:** `add-oidc-github-actions-resources` --- ### 📝 Commits (1) - [`209d9dd`](https://github.com/myugan/awesome-cicd-security/commit/209d9dd9bdc2fbbc5a9703d9e05c147ef660a29a) Add articles on GitHub Actions OIDC secretless authentication and API protection ### 📊 Changes **1 file changed** (+3 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+3 -1) </details> ### 📄 Description ## What Adds two articles to the GitHub Actions section under Blogs: - Part 1: How GitHub Actions issues OIDC tokens and how to use them for secret-less authentication — covers non-human identities, token claims, and the trust chain from GitHub's IdP. - Part 2: End-to-end guide to protecting APIs using GitHub Actions OIDC tokens validated by Envoy Proxy, handling both authentication (authN) and authorization (authZ) concerns, as well as a reproducible lab setup. ## Why The existing GitHub Actions entries cover the attack surface (secret theft, argument injection, write-access abuse). These two articles cover the defensive side — eliminating long-lived secrets from CI/CD pipelines entirely via workload identity. Complements what's already there. --- Happy to take along any edits/suggestions prior to merging. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-11 08:54:12 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/awesome-cicd-security#30