[S7] Add OIDC auth to GitHub Action #68

@krakenhavoc

Description

Update the GitHub Action to support OIDC authentication as an alternative to API keys.

Flow

  1. Check if api-key input is provided
  2. If yes, use API key auth (existing behavior)
  3. If no, check for ACTIONS_ID_TOKEN_REQUEST_URL env var
  4. Request OIDC token from GitHub with audience: https://api.krakenkey.io
  5. Exchange OIDC token for KrakenKey access token via /v1/auth/github-oidc
  6. Use KrakenKey token for all subsequent API calls

Requirements

  • Workflow needs permissions: id-token: write
  • Clear error message if neither API key nor OIDC is available
  • Document OIDC setup in README

Acceptance Criteria

  • OIDC auth works when no API key provided
  • API key auth still works (backward compatible)
  • Clear error if neither auth method is available
  • README updated with OIDC examples
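
One way the six-step flow above could be implemented, as an added example that is not code from the issue or the KrakenKey project. The audience, the endpoint path and `ACTIONS_ID_TOKEN_REQUEST_URL` come from the issue, and `ACTIONS_ID_TOKEN_REQUEST_TOKEN` is the bearer token GitHub provides alongside that URL. The API host, the exchange request body (`{ token }`), the response field (`access_token`) and the function names are assumptions.

```javascript
// Added example: auth selection for the Action, following the issue's six steps.
const AUDIENCE = 'https://api.krakenkey.io';   // from the issue
const EXCHANGE_PATH = '/v1/auth/github-oidc';  // from the issue
const API_BASE = 'https://api.krakenkey.io';   // assumption: API host equals the audience

// Steps 1-3: choose the method, or fail with an actionable message.
function selectAuthMethod(apiKey, env) {
  if (apiKey && apiKey.trim() !== '') return 'api-key';
  // GitHub sets both variables only when the job has `permissions: id-token: write`.
  if (env.ACTIONS_ID_TOKEN_REQUEST_URL && env.ACTIONS_ID_TOKEN_REQUEST_TOKEN) return 'oidc';
  throw new Error(
    'No credentials available: set the `api-key` input, or add ' +
    '`permissions: id-token: write` to the workflow so OIDC can be used.');
}

// Steps 4-6: resolve the credential used for all subsequent API calls.
// fetchImpl is injectable so the flow can be exercised without network access.
async function resolveAuth(apiKey, env, fetchImpl = globalThis.fetch) {
  if (selectAuthMethod(apiKey, env) === 'api-key') {
    return { method: 'api-key', token: apiKey.trim() };
  }
  // Step 4: request the ID token from GitHub, bound to the KrakenKey audience.
  // The request URL already carries query parameters, so append rather than concatenate.
  const url = new URL(env.ACTIONS_ID_TOKEN_REQUEST_URL);
  url.searchParams.set('audience', AUDIENCE);
  const idRes = await fetchImpl(url.toString(), {
    headers: { Authorization: `Bearer ${env.ACTIONS_ID_TOKEN_REQUEST_TOKEN}` },
  });
  if (!idRes.ok) throw new Error(`GitHub OIDC token request failed: HTTP ${idRes.status}`);
  const { value: idToken } = await idRes.json();
  if (!idToken) throw new Error('GitHub OIDC response contained no token');

  // Step 5: exchange the ID token. Body and response field names are assumptions.
  const exRes = await fetchImpl(API_BASE + EXCHANGE_PATH, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ token: idToken }),
  });
  if (!exRes.ok) throw new Error(`KrakenKey OIDC exchange failed: HTTP ${exRes.status}`);
  const { access_token: accessToken } = await exRes.json();
  if (!accessToken) throw new Error('KrakenKey exchange response contained no access token');
  return { method: 'oidc', token: accessToken }; // Step 6: caller uses this token
}
```

In the Action itself, pass the returned token to `core.setSecret` from `@actions/core` before any further logging so it is masked in workflow output.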

Labels

  • github-action: GitHub Action (marketplace)
  • github-integration: GitHub App + Action integration
  • oidc: OIDC / keyless authentication
  • sprint-7: Sprint 7: OIDC, Observability & Hardening
