Please enter url.
This repository holds a GitHub App called octo-sts that acts like a Security Token Service (STS) for the GitHub API. Using this App, workloads running

Search code, repositories, users, issues, pull requests...

submited by
Style Pass
2024-05-02 18:00:04

This repository holds a GitHub App called octo-sts that acts like a Security Token Service (STS) for the GitHub API. Using this App, workloads running essentially anywhere that can produce OIDC tokens can federate with this App's STS API in order to produce short-lived tokens for interacting with GitHub.

For the App to produce credentials that work with resources in your organization it must be installed into the organization and have access to any repositories that you will want workloads to be able to interact with. Unfortunately due to limitations with GitHub Apps, the App must ask for a superset of the permissions needed for federation, so the full set of permissions the App requests will be large, but with one exception (contents: read reading policy files) the App only creates tokens with these scopes based on the "trust policies" you have configured.

Here is a simple example that allows the GitHub actions workflows in chainguard-dev/foo running on the main branch to read the repo contents and interact with issues:

Read more github.com/o...
Share :  
Leave a Comment
Related Posts

Web-based editor - GitHub Docs

Comment

Groundhog day: NPM package caught stealing browser passwords

Comment

DHI-GRAS / terracotta

Comment

Semantic FAQ Search with Haystack

Comment

nubank / umschreiben-clj

Comment

The internet has changed, our search should change as well!

Comment

screenshotbot / screenshotbot-oss Public

Comment

UltraEdit: The world's best text editor

Comment

Brave Search beta now available in Brave browser, offering users the first independent privacy search/browser alternative to big tech

Comment

Pagination in web scraper

Comment
Recent Posts

Export to CSV, JSON and XLSX from the Neon console

Comment

Engineering Leadership

Comment

Stuff I know about ZIP | orchid.pink

Comment

These wall-climbing, AI-powered robots are finding the flaws in 'D' grade U.S. infrastructure, from commuter bridges to military hardware

Comment

Paul-Gabriel Wiener: "I finally did it. I used an LLM. A couple of mont…" - RealSocial.Life

Comment

Don’t return err in Go

Comment

Well played Google! DeepMind shows off Project Astra watching the OpenAI ChatGPT Voice announcement

Comment

Computer Science > Computer Vision and Pattern Recognition

Comment

Create Apps Easily with Streamlit

Comment

The WB B-Tree Database for SCM, Java, C#, C, and C++

Comment

Physics > Popular Physics

Comment

California condors are very rare, but 10% of them are trashing this woman's house

Comment

Idea Editing: Previsualization for Feature Films

Comment

Restrict Access to a JavaScript Application Embedded via an iframe

Comment

The Best Web Hosting For SEO 2024 | Webhostwinner

Comment

New support for AI advancement in Central and Eastern Europe

Comment

Given its intimacy with the body and deep play on form and function, furniture is a ripely ambiguous artform of its own

Comment

Spying on a Ruby process's memory allocations with eBPF

Comment

Wizard of Swipe for Tinder

Comment

Computer Science > Logic in Computer Science

Comment