Can I Use OIDC Authentication with CircleCI?

Yes! We have added the ability to use OIDC authentication in your CircleCI builds! In this article, we have consolidated some resources, as well as common problems that may arise along the way. We hope this will help assist you in implementing this feature.

Common Issues:

Failed to assume role

An error occurred (AccessDenied) when calling the AssumeRoleWithWebIdentity operation:
Not authorized to perform sts:AssumeRoleWithWebIdentity
Failed to assume role

One way to address this error is to ensure sure the token has the necessary permissions.

Not $CIRCLE_OIDC_TOKEN env variable present in my job

There must be at least one context present in your job before CircleCI will generate the $CIRCLE_OIDC_TOKEN environment variable. If you do not see the environment variable in your job, then you should verify there is a context present in your config tied to that job

Helpful Resources:

OIDC with Vault
https://circleci.com/blog/openid-connect-identity-tokens/
Using OpenID Connect Tokens in Jobs
AWS OIDC docs

Troubleshooting OIDC in CircleCI

Can I Use OIDC Authentication with CircleCI?

Common Issues:

Failed to assume role

Not $CIRCLE_OIDC_TOKEN env variable present in my job

Helpful Resources:

Comments

Articles in this section