githubpartners / microsoft-learn

The planning and tracking of GitHub modules on MS Learn

Secure deployments with OpenID Connect & GitHub Actions #27

Open a-a-ron opened 2 years ago

a-a-ron commented 2 years ago

GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.

Source: https://github.blog/2021-11-23-secure-deployments-openid-connect-github-actions-generally-available/

rmallorybpc commented 2 years ago

Build and deploy applications to Azure by using GitHub Actions

Blog content to check

Secure deployments with OpenID Connect & GitHub Actions now generally available. Issue #27. In 2-deploy-azure.md, a new section after Create and delete Azure resources by using GitHub Actions and before Disable Actions workflows.

Secure deployments

You can take a more secure cloud deployment approach by configuring your workflow to request a short-lived access token directly from the cloud provider. This is because Actions supports OpenID Connect (OIDC). Without OIDC, you would need to store a credential or token as an encrypted secret in GitHub and present that secret to the cloud provider every time it runs. The new OIDC support gives you a very clear separation of the configuration that you need to manage in GitHub and the permissions that you need to manage in the cloud portal, making cloud deployments simpler to set up and more secure.

You can configure the OIDC trust on your cloud provider and then update your workflows to request a short-lived access token from the cloud provider through OIDC. This means that you won’t need to add long-lived cloud credentials as GitHub secrets and worry about token expiry and rotating them. You have more granular control over which workflows can access cloud resources by using your cloud provider’s authentication (authN) and authorization (authZ) tools.
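As an added illustration of the workflow side of what the draft above describes (this is example code, not part of the issue or of the Learn module's own content), a minimal GitHub Actions workflow that requests an OIDC token and exchanges it for a short-lived Azure access token. It assumes an Azure app registration with a federated credential already exists; the secret names, resource group name and environment name are placeholders chosen for this example.

```yaml
name: deploy-with-oidc

on:
  push:
    branches: [main]

# The job must be allowed to request an OIDC token from GitHub's token
# service; without `id-token: write` the login step below cannot obtain
# one. `contents: read` is the only other permission this job needs, so
# the default write-all token is not granted.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Binding the job to an environment lets the cloud-side trust be
    # scoped to `repo:<org>/<repo>:environment:production` instead of to
    # any branch or pull request in the repository.
    environment: production
    steps:
      - uses: actions/checkout@v4

      # azure/login requests the GitHub OIDC token and exchanges it with
      # Azure for a short-lived access token. No client secret is stored
      # anywhere: the three values below are identifiers, not credentials.
      # The secret names are placeholders for this example.
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Every later step runs with the federated identity obtained above.
      # The resource group name and region are placeholders.
      - name: Create resource group
        run: az group create --name rg-example-placeholder --location eastus
```

The matching trust on the Azure side is a federated credential on the app registration with issuer `https://token.actions.githubusercontent.com`, subject `repo:<org>/<repo>:environment:production` and audience `api://AzureADTokenExchange`. The subject claim is what provides the granular control the text mentions: because the exchange only succeeds when the token's subject matches, a run from a feature branch or a fork's pull request cannot obtain credentials for the production environment, and no rotation is needed because nothing long-lived is ever stored in GitHub.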