GitHub: OIDC Authentication

📘

Subscription Information

OIDC integration is available to Enterprise and Enterprise+ customers. For a complete feature comparison by subscription type, refer to the JFrog and GitHub Integration Features Matrix.

Value

Traditional CI/CD pipelines often use long-lived credentials for accessing cloud services and managing deployments, which can pose significant security risks and require extensive management. Switching to OpenID Connect (OIDC) enhances both security and manageability by providing a passwordless experience. OIDC is a modern authentication protocol that securely connects GitHub and GitHub Actions with the JFrog Platform, utilizing dynamic token generation to efficiently manage the token lifecycle instead of relying on permanent credentials or API keys stored in GitHub Secrets.

Key Benefits

• Simplified Setup: Automates the creation of OIDC integrations and identity mappings specifically tailored for your dedicated GitHub repositories.
• Streamlined Security: Effortlessly creates secure, short-lived User, Admin, or Group-scoped access tokens without the hassle of manual lifecycle management.
• Automated Pull Requests: Instantly generates a pull request in your GitHub repository containing the exact GitHub Actions code needed to start using OIDC with the JFrog CLI.

How It Works

1. Configure OIDC trust between GitHub and the JFrog Platform.
2. GitHub requests a short-lived token during the workflow execution.
3. The JFrog Platform validates the token to allow secure, temporary access to your JFrog resources.

Additional Information:

For more information, see:

• OpenID Connect Integration
• GitHub documentation: Configuring OpenID Connect in JFrog