How to execute GitHub Actions through Open ID Connect (OIDC) with Microsoft Azure
GitHub Actions is GitHub’s DevOps automation solution, driven by a YAML-based pipeline file, though it can definitely do more than just DevOps CI/CD. As a Solutions Architect working with a lot of GitHub customers, I often meet customers who ask how to use GitHub Actions to connect with 3rd party solutions like Microsoft Azure services, HashiCorp Vault, JFrog Artifactory, etc. Often, this really depends on how the 3rd party platform provides a way to authenticate to it. Since GitHub has a feature called GitHub Secrets, where you can store encrypted secrets at either the Repository or Organization level so that your GitHub Actions can consume them, this is the natural place to store credentials that are used to log into 3rd party platforms.
However, for super sensitive credentials, such as administrator privileges on a cloud provider like Azure or AWS, saving the credentials across repositories might not be the best idea. For this, GitHub recommends the Open ID Connect (OIDC) solution, which lets a GitHub Actions job authenticate to the cloud provider only under conditions the provider has been configured to accept. Think of it like an allowlist for GitHub Actions.
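As an added example (not from the article or from GitHub's own documentation), here is a minimal workflow that performs the OIDC login to Azure described above. It assumes an Entra ID app registration with a federated credential for this repository and that its IDs are stored as repository secrets named AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_SUBSCRIPTION_ID; no client secret or password is stored anywhere.

```yaml
# Added example, not from the original article: log in to Azure through OIDC
# instead of a stored client secret.
name: azure-oidc-login

on:
  push:
    branches: [main]

# id-token: write lets the job request a short-lived OIDC token from GitHub's
# token service; everything else stays read-only.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Assumption: the app registration's federated credential has
    #   issuer  = https://token.actions.githubusercontent.com
    #   subject = repo:<org>/<repo>:ref:refs/heads/main
    # so only tokens minted for pushes to main of this one repo are accepted.
    steps:
      - uses: actions/checkout@v4

      # The login action exchanges the GitHub OIDC token for an Azure access
      # token. Only non-secret identifiers are passed in; the trust is expressed
      # by the federated credential on the Azure side.
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Sanity check: confirms which identity and subscription the job obtained.
      - run: az account show --output table
```

The subject claim is what makes this an allowlist: a job running from a fork, a feature branch or another repository produces a token whose subject does not match the federated credential, and Azure rejects the exchange.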
Now, GitHub provides nice, detailed official documentation for adopting Open ID Connect with GitHub…