Does this skill work with GitHub Actions?

Yes, it is specifically optimized for GitHub Actions' id-token permissions and OIDC issuer, providing standard patterns for repository and environment-level trust.

What is OIDC Federation in the context of Claude Code?

OIDC Federation is a security pattern that allows Claude and your CI/CD workflows to authenticate to cloud providers (like GCP or Azure) using temporary tokens instead of stored, long-lived passwords or keys.

Which cloud providers does this skill support?

The skill provides specific implementation patterns for Google Cloud Platform (GCP) and Azure, though the OIDC principles can be applied to any provider supporting Workload Identity.

Why should I use secretless authentication instead of repository secrets?

Secretless authentication eliminates the risk of leaked credentials in logs, removes the operational burden of rotating keys, and ensures that tokens are cryptographically bound to specific branches or environments.

OIDC Federation Patterns

Name: OIDC Federation Patterns
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

セキュリティとテスト

Implements secretless cloud authentication using OpenID Connect to eliminate long-lived credentials in CI/CD workflows.

概要

This skill provides specialized guidance for implementing secretless authentication between GitHub Actions and major cloud providers like GCP and Azure. By leveraging OpenID Connect (OIDC) federation, it replaces risky, long-lived service account keys with short-lived, cryptographically bound tokens that expire in minutes. It offers standardized patterns for subject claim validation, least-privilege trust policies, and environment-level isolation, ensuring that your automated deployments and infrastructure-as-code workflows remain secure without the burden of manual secret rotation or the risk of credential leakage.

主な機能

Cryptographic workflow identity verification
Least-privilege subject claim configuration
Secretless cloud provider authentication patterns
0 GitHub stars
GCP Workload Identity Federation setup guides
Environment-level trust policy implementation

ユースケース

Securing production deployments with environment-specific identity gates
Implementing automated, secretless multi-cloud infrastructure management
Eliminating static secrets and long-lived keys in GitHub Actions

概要

主な機能

Cryptographic workflow identity verification
Least-privilege subject claim configuration
Secretless cloud provider authentication patterns
0 GitHub stars
GCP Workload Identity Federation setup guides
Environment-level trust policy implementation

ユースケース

Securing production deployments with environment-specific identity gates
Implementing automated, secretless multi-cloud infrastructure management
Eliminating static secrets and long-lived keys in GitHub Actions