
Add ability to use service account token #142

@jwefers


What problem are you facing?

Some target APIs support JWT auth from a foreign issuer. We could use that to configure the API to accept tokens from the cluster OIDC issuer. A pod can get such a token provided by the cluster in the form of attaching a service account. The token is then mounted as a file into the pod at /var/run/secrets/kubernetes.io/token (amongst other tokens, such as Azure workload identity tokens). Having the ability to use that mounted token file content in HTTP calls would allow us to not rely on API secrets maintained separately.

How could Crossplane help solve your problem?

Create a syntax similar to secret refs that I can include in headers/body that inlines file contents from the provider-http pod to be able to use service account tokens (or e.g. Azure workload identity tokens).
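One way the requested file reference could be resolved, added here as an example and not taken from provider-http or from the issue author. The `{{ file:... }}` placeholder syntax and the names `resolveFileRefs` and `readAllowed` are assumptions. The file is read on every call because projected tokens rotate, and paths that resolve outside an allowlisted mount directory are refused, since the placeholder would otherwise expose any file readable by the provider pod.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Hypothetical placeholder syntax (not provider-http's): {{ file:/abs/path }}
var fileRef = regexp.MustCompile(`\{\{\s*file:([^\s}]+)\s*\}\}`)

// resolveFileRefs inlines the trimmed content of each referenced file into
// value. Nothing is cached, so a rotated token is picked up on the next call.
func resolveFileRefs(value string, allowedDirs []string) (string, error) {
	var firstErr error
	out := fileRef.ReplaceAllStringFunc(value, func(m string) string {
		b, err := readAllowed(fileRef.FindStringSubmatch(m)[1], allowedDirs)
		if err != nil && firstErr == nil {
			firstErr = err
		}
		return strings.TrimSpace(string(b))
	})
	if firstErr != nil {
		return "", firstErr // never return a half-resolved header
	}
	return out, nil
}

func readAllowed(p string, dirs []string) ([]byte, error) {
	real, err := filepath.EvalSymlinks(p) // resolves "..", symlinks and ..data
	if err != nil {
		return nil, err
	}
	for _, d := range dirs {
		rd, _ := filepath.EvalSymlinks(d) // e.g. /var/run may link to /run
		rel, err := filepath.Rel(rd, real)
		if rd != "" && err == nil && rel != ".." && !strings.HasPrefix(rel, "../") {
			return os.ReadFile(real)
		}
	}
	return nil, fmt.Errorf("file ref %q is outside the allowed directories", p)
}

func main() { // constructed demo: a temp dir stands in for the token mount
	dir, _ := os.MkdirTemp("", "sa")
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "token"), []byte("constructed.jwt\n"), 0o600)
	fmt.Println(resolveFileRefs("Bearer {{ file:"+dir+"/token }}", []string{dir}))
}
```

The prefix test uses `"../"` rather than `".."` so that the kubelet's `..data` directory inside a projected volume still counts as inside the mount.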


Labels: enhancement (New feature or request)
