1Password / load-secrets-action

Load secrets from 1Password into your GitHub Actions jobs
https://developer.1password.com
MIT License
197 stars 27 forks

Allow OIDC to be used between 1Password and GitHub Actions #53

Open scott-doyland-burrows opened 1 year ago

scott-doyland-burrows commented 1 year ago

Currently a 1Password token needs to be held in GitHub Actions as below:

OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

Can OIDC integration be implemented so the token can be removed?

If OIDC is integrated then please implement it like it is between AWS and GitHub Actions, where we can use wildcards for repo names and we do not need to specify a GitHub Actions environment or branch.

Please do not implement it like Azure, where wildcards are not possible, as it is just so limiting to have to keep adding every single repo to the OIDC config.
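
An added example, not part of this thread and not 1Password or load-secrets-action code: a relying-party check of the GitHub Actions OIDC `sub` claim against wildcard patterns of the kind requested above, showing why the wildcard has to sit after `repo:<org>/`. The organisation names, the audience value and all function names are constructed, and the claims are assumed to come from a token whose signature has already been verified.

```python
import re

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
AUDIENCE = "https://relying-party.example"  # constructed placeholder audience


def _glob(pattern):
    # Only '*' is a wildcard; every other character is matched literally.
    parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(parts), re.DOTALL)


def subject_allowed(claims, patterns):
    """Decide on claims taken from an already signature-verified token."""
    if claims.get("iss") != GITHUB_ISSUER or claims.get("aud") != AUDIENCE:
        return False
    sub = claims.get("sub")
    if not isinstance(sub, str):
        return False
    return any(_glob(p).fullmatch(sub) for p in patterns)


def audit_pattern(pattern, org):
    """Return short codes describing how far a trust pattern reaches."""
    prefix = f"repo:{org}/"
    if not pattern.startswith(prefix):
        # e.g. 'repo:example-org*' also matches 'repo:example-org-evil/...'
        return ["owner-not-anchored"]
    _repo, _, constraint = pattern[len(prefix):].partition(":")
    if constraint in ("", "*"):
        # Every branch, tag, pull_request and environment of the repos matches.
        return ["any-ref-or-environment"]
    return []


def make_claims(sub):
    # Constructed sample claims, not captured from a real workflow run.
    return {"iss": GITHUB_ISSUER, "aud": AUDIENCE, "sub": sub}


if __name__ == "__main__":
    own = make_claims("repo:example-org/payments:ref:refs/heads/main")
    other = make_claims("repo:example-org-evil/payments:ref:refs/heads/main")
    for pattern in ("repo:example-org/*", "repo:example-org*"):
        print(pattern, audit_pattern(pattern, "example-org"),
              subject_allowed(own, [pattern]), subject_allowed(other, [pattern]))
```
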

florisvdg commented 1 year ago

OIDC authentication for the GitHub action is something we're investigating! Would indeed be great if we can remove the static token per repo.

scott-doyland-burrows commented 8 months ago

Is there any news on how this is progressing?

mabergstrom commented 3 weeks ago

Any updates regarding this?