Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

identity: Add support for getting OIDC token from env var. #394

Merged
merged 1 commit into from
Apr 10, 2023
Merged

identity: Add support for getting OIDC token from env var. #394

merged 1 commit into from
Apr 10, 2023

Conversation

wlynch
Copy link
Member

@wlynch wlynch commented Apr 6, 2023

Summary

This adds support for reading OIDC tokens from the SIGSTORE_ID_TOKEN environment variable. This mimics the behavior of sigstore/cosign@9b482a5.

The main motivation for supporting this is to enable support for GitLab CI authentication
(https://gitlab.com/gitlab-org/gitlab/-/issues/404793), i.e. for cosign:

build:
  stage: build
  id_tokens:
    SIGSTORE_ID_TOKEN:
      aud: sigstore
  script:
     - cosign sign ...

Release Note

Added new token provider for looking up OIDC tokens in the SIGSTORE_ID_TOKEN environment variable.

Documentation

@wlynch wlynch requested a review from a team as a code owner April 6, 2023 15:46
@changeset-bot
Copy link

changeset-bot bot commented Apr 6, 2023
edited
Loading

🦋 Changeset detected

Latest commit: bc06418

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
sigstore Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@wlynch wlynch force-pushed the env-token branch 3 times, most recently from 2436453 to b87d441 Compare April 7, 2023 20:42
bdehamer
bdehamer previously approved these changes Apr 10, 2023
View reviewed changes
Copy link
Collaborator

@bdehamer bdehamer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great. Thanks!

@wlynch
identity: Add support for getting OIDC token from env var.
bc06418 
This adds support for reading OIDC tokens from the SIGSTORE_ID_TOKEN
environment variable. This mimics the behavior of sigstore/cosign@9b482a5

The main motivation for supporting this is to enable support for GitLab
CI authentication
(https://gitlab.com/gitlab-org/gitlab/-/issues/404793).

Signed-off-by: Billy Lynch <billy@chainguard.dev>
@wlynch wlynch requested a review from bdehamer April 10, 2023 19:49
@bdehamer bdehamer merged commit da0bfd7 into sigstore:main Apr 10, 2023
@wlynch wlynch mentioned this pull request Apr 18, 2023
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@bdehamer bdehamer bdehamer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wlynch @bdehamer