Is your feature request related to a problem? Please describe.
Authenticating with AWS currently requires setting up access keys.
However, many other providers (e.g. GitHub, Fly.io, etc.) allow you to authenticate machines via OIDC requests.
It would be really great to support authenticating to AWS via OIDC. This means you just pass a role via an environment variable in the trigger task and set it up once in your AWS account to give a trigger task access, then it makes a request to trigger via OIDC and authenticates per run. You don't need to pass around access keys and such, and you're giving access to a role rather than keys.
This is how I often authenticate with, say, GitHub repos, so I'm not managing keys.
Great feature add.
Describe the solution you'd like to see
Set up my AWS account with the correct trigger.dev OIDC credentials and give permission to a specific task name (or names).
Then, when authenticating, the trigger OIDC server says yes/no and my app can authenticate to AWS and assume a role without passing any credentials.
Describe alternate solutions
Right now, the other solution is passing access credentials directly. This is less secure.
Additional information
No response
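Added example, not part of the issue and not trigger.dev code: a local model of the AWS-side setup the request describes, showing how an IAM role trust policy for `sts:AssumeRoleWithWebIdentity` can be pinned to one task name and why a wildcard `sub` pattern widens access. The issuer host, audience, account ID and `sub` claim layout are hypothetical placeholders, since the issue does not define them.

```python
import fnmatch

# Hypothetical placeholders: the issue names no issuer URL, audience or claim layout.
ISSUER = "oidc.example.invalid"
AUDIENCE = "sts.amazonaws.com"
ACCOUNT_ID = "111122223333"  # constructed account ID

def make_trust_policy(sub_pattern):
    """IAM role trust policy that admits tokens whose sub matches sub_pattern."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{ISSUER}:aud": AUDIENCE},
                "StringLike": {f"{ISSUER}:sub": sub_pattern},
            },
        }],
    }

def trust_allows(policy, claims):
    """Simplified local model of the trust check; not a full IAM evaluator."""
    issuer = claims.get("iss", "").removeprefix("https://")
    for stmt in policy["Statement"]:
        provider = stmt["Principal"]["Federated"].split("oidc-provider/", 1)[-1]
        if stmt["Effect"] != "Allow" or provider != issuer:
            continue
        ok = True
        for op, conds in stmt["Condition"].items():
            for key, pattern in conds.items():
                value = claims.get(key.rsplit(":", 1)[1])
                if value is None:
                    ok = False  # missing claim: fail closed
                elif op == "StringEquals":
                    ok = ok and value == pattern
                elif op == "StringLike":  # IAM wildcards are * and ?
                    ok = ok and fnmatch.fnmatchcase(value, pattern)
                else:
                    ok = False  # operator not modelled: fail closed
        if ok:
            return True
    return False

# Constructed claims for one run of a task named "nightly-export".
RUN_CLAIMS = {"iss": f"https://{ISSUER}", "aud": AUDIENCE,
              "sub": "project:proj_demo:task:nightly-export"}
SCOPED = make_trust_policy("project:proj_demo:task:nightly-export")
BROAD = make_trust_policy("project:proj_demo:task:*")
```

`SCOPED` admits only the named task, while `BROAD` admits every task in the project, so the `sub` condition is where per-task permission is actually enforced.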