
Generate OIDC JWT

Generates an OpenID Connect JSON Web Token (JWT) for specified audiences based on your workflow's identity
v1.1
Latest

Generate OpenID Connect JWT Action

This action will generate a JWT for a custom audience. It replaces a script like:

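- name: get oidc token
  run: |
    # Request an ID token for the custom audience from the runner's OIDC endpoint
    OIDC_TOKEN=$(curl -sLS "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=cicd.tremolo.dev" -H "User-Agent: actions/oidc-client" -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN")
    # Extract the JWT from the JSON response and export it to later steps
    JWT=$(echo "$OIDC_TOKEN" | jq -j '.value')
    echo "JWT=$JWT" >> "$GITHUB_ENV"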

In addition to creating the JWT for your audience, it registers the JWT as a GitHub action secret to reduce the risk that it is leaked via logs.

Inputs

audience

The value of the JWT aud claim. This audience should be validated by the receiver of the token.

environmentVariableName

The name of the environment variable to store the generated JWT into. This environment variable is marked as a secret.

Outputs

There are no outputs.

Example usage

- name: get oidc token
  uses: tremolosecurity/[email protected]
  with:
    audience: "cicd.tremolo.dev"
    environmentVariableName: "JWT"
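
The audience input above says the receiver should validate the aud claim. The following receiver-side check is an added example, not code from this action or its authors: it verifies the signature, then the issuer, audience and expiry. The throwaway RSA key pair stands in for GitHub's published signing keys, and the sub value, the second audience and the helper names (verifyToken, mint, outcome) are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Issuer of github.com-hosted Actions OIDC tokens (GitHub Enterprise Server differs).
const ISSUER = "https://token.actions.githubusercontent.com";
const b64u = (v) => Buffer.from(v).toString("base64url");
const fromB64u = (v) => JSON.parse(Buffer.from(v, "base64url").toString("utf8"));

// Signature first, then issuer, audience and expiry. Throws on the first failure.
function verifyToken(token, publicKey, expectedAud, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm instead of trusting whatever the header asks for.
  if (fromB64u(h).alg !== "RS256") throw new Error("unexpected alg");
  const sig = Buffer.from(s, "base64url");
  if (!crypto.verify("sha256", Buffer.from(`${h}.${p}`), publicKey, sig)) {
    throw new Error("bad signature");
  }
  const claims = fromB64u(p);
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  // aud may be a string or an array; require our own identifier to be present.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedAud)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// --- Constructed fixtures: a throwaway key stands in for GitHub's signing key ---
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

function mint(claims) {
  const input = `${b64u(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), privateKey).toString("base64url")}`;
}

// Returns "accepted" or the reason the token was rejected.
function outcome(token, expectedAud) {
  try { verifyToken(token, publicKey, expectedAud); return "accepted"; }
  catch (e) { return e.message; }
}

const exp = Math.floor(Date.now() / 1000) + 300;
const sub = "repo:example-org/example-repo:ref:refs/heads/main"; // constructed
const good = mint({ iss: ISSUER, aud: "cicd.tremolo.dev", sub, exp });
const otherAud = mint({ iss: ISSUER, aud: "other-service.example", sub, exp });

console.log(outcome(good, "cicd.tremolo.dev"));
console.log(outcome(otherAud, "cicd.tremolo.dev"));
```

In a real receiver the public key comes from the issuer's published JWKS, selected by the token header's kid, and the sub claim is checked against the repositories and refs allowed to call the service.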

Generate OIDC JWT is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
