🦝 Secure the Build, Secure the Cloud: Using OIDC Tokens in CI/CD Pipelines - Alex Ilgayev & Elad Pticha, Cycode
Abstract
Cloud computing adoption is increasing, and organizations have a growing need to secure their access to cloud resources. Traditional access control mechanisms such as access tokens, while still widely used, are insufficient to protect against modern threats. Even if least-privilege principles are preserved, these tokens could leak and expose your infrastructure.

Identity tokens, such as OpenID Connect (OIDC), have emerged as a popular alternative for authentication and authorization in cloud environments. Even though major CI/CD platforms now support these tokens - GitHub Actions, GitLab CI, CircleCI, etc. - they aren't widely adopted yet.

In this session, we'll cover the benefits of using OIDC for CI/CD pipelines, configuring cloud providers to accept OIDC tokens, and integrating OIDC-based authentication and authorization into popular CI/CD systems. We'll also show OIDC-based authentication and authorization in action through a few demos.