Can I Use OIDC Authentication with CircleCI?
Yes! We have added the ability to use OIDC authentication in your CircleCI builds. This article collects some resources, along with common problems that may arise along the way. We hope it helps you implement this feature.
Common Issues:
Failed to assume role
An error occurred (AccessDenied) when calling the AssumeRoleWithWebIdentity operation:
Not authorized to perform sts:AssumeRoleWithWebIdentity
Failed to assume role
One way to address this error is to make sure the token has the necessary permissions.
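As an added example (not CircleCI's or AWS's own code), the sketch below decodes a token's claims and lists why a role trust-policy statement would not match them, which is one way to narrow down this AccessDenied error. The function names, placeholder IDs and sample policy are constructed; it assumes the issuer has the form `https://oidc.circleci.com/org/<org-id>`, that `sub` has the form `org/<org-id>/project/<project-id>/user/<user-id>`, and that `aud` is the organization ID.

```python
import base64, json, re
def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def _matches(op, pattern, value):
    if op == "StringEquals":
        return pattern == value
    # StringLike: '*' and '?' are the only wildcards
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def trust_mismatches(claims, statement):
    """Reasons a trust statement rejects these claims (StringEquals/StringLike only)."""
    provider = claims["iss"].split("://", 1)[-1]  # condition keys omit the scheme
    problems = []
    if "sts:AssumeRoleWithWebIdentity" not in _as_list(statement.get("Action")):
        problems.append("Action does not include sts:AssumeRoleWithWebIdentity")
    federated = statement.get("Principal", {}).get("Federated", "")
    if not federated.endswith(":oidc-provider/" + provider):
        problems.append("Principal.Federated is not the provider for " + provider)
    for op in ("StringEquals", "StringLike"):
        for key, wanted in statement.get("Condition", {}).get(op, {}).items():
            prefix, _, claim = key.rpartition(":")
            got = _as_list(claims.get(claim)) if prefix == provider else []
            if not any(_matches(op, w, str(g))
                       for w in _as_list(wanted) for g in got if g is not None):
                problems.append(f"{op} {key}: policy wants {wanted!r}, token has {got!r}")
    return problems

# Constructed sample: placeholder IDs, unsigned token, hypothetical trust statement.
ORG, PROVIDER = "ORG-ID-PLACEHOLDER", "oidc.circleci.com/org/ORG-ID-PLACEHOLDER"
SAMPLE_CLAIMS = {"iss": "https://" + PROVIDER, "aud": ORG,
                 "sub": f"org/{ORG}/project/PROJECT-ID-PLACEHOLDER/user/USER-ID-PLACEHOLDER"}
_enc = base64.urlsafe_b64encode(json.dumps(SAMPLE_CLAIMS).encode()).decode().rstrip("=")
SAMPLE_TOKEN = f"e30.{_enc}.sig"
SAMPLE_STATEMENT = {
    "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + PROVIDER},
    "Condition": {"StringLike": {PROVIDER + ":sub": f"org/{ORG}/project/OTHER-PROJECT/user/*"}},
}

if __name__ == "__main__":
    print("\n".join(trust_mismatches(jwt_claims(SAMPLE_TOKEN), SAMPLE_STATEMENT)))
```

Run against the constructed sample, it reports the `sub` condition, because the policy names a different project than the token does.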
No $CIRCLE_OIDC_TOKEN env variable present in my job
There must be at least one context present in your job before CircleCI will generate the $CIRCLE_OIDC_TOKEN environment variable. If you do not see the environment variable in your job, verify that there is a context present in your config tied to that job.
Helpful Resources:
- OIDC with Vault
- https://circleci.com/blog/openid-connect-identity-tokens/
- Using OpenID Connect Tokens in Jobs
- AWS OIDC docs