GH-200 - Secure and optimize automation - Section 5.3
Configure granular GITHUB_TOKEN permissions and use OIDC token federation to remove long-lived cloud secrets.
Configure granular GITHUB_TOKEN permissions at the workflow and job level using the permissions key. Use OIDC id-token federation to exchange a short-lived token for cloud provider credentials, eliminating the need for long-lived secrets.
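An added example workflow, not part of the original page, showing the permissions key at workflow and job level together with OIDC federation. AWS as the cloud provider, the job names, the build command, the region and the role ARN placeholder are assumptions.

```yaml
# Added example. Job names, AWS as the cloud provider, the region and the
# role ARN placeholder are assumptions, not values from the page.
name: deploy

on:
  push:
    branches: [main]

# Workflow-level default: every job gets a read-only GITHUB_TOKEN
# unless it declares its own permissions block.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    # No job-level block, so this job inherits contents: read only.
    steps:
      - uses: actions/checkout@v4
      - run: make test   # assumed build command

  deploy:
    needs: test
    runs-on: ubuntu-latest
    # A job-level block replaces the workflow-level one entirely, so
    # contents: read is restated. Scopes not listed here are set to none.
    permissions:
      contents: read
      id-token: write   # allows the job to request an OIDC token from GitHub
    steps:
      - uses: actions/checkout@v4
      # Exchanges the short-lived OIDC token for temporary cloud credentials.
      # No access key is stored in repository or organization secrets.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"  # placeholder
          aws-region: us-east-1   # constructed sample value
      - run: aws sts get-caller-identity
```

Only the deploy job can mint an OIDC token; the test job cannot, because `id-token` is not in the permissions it inherits. On the cloud side, the role's trust policy should restrict the token's `sub` claim to the expected repository and branch so that other repositories cannot assume the role.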
GITHUB_TOKEN, permissions, OIDC, id-token federation
Examworthy is not affiliated with or endorsed by GitHub. Original, blueprint-aligned practice material only.