github · GitHub Actions Docs
Actions Configuring OpenID Connect in HashiCorp Vault - GitHub Docs
Configures HashiCorp Vault to authenticate GitHub Actions via OpenID Connect (OIDC) by setting up JWT authentication roles and updating GitHub workflow YAML permissions to exchange OIDC tokens for Vault access tokens.
Derived skill
Files assembled from official documentation
When To Use
Use when you need to implement passwordless authentication between GitHub Actions and HashiCorp Vault using OIDC to securely retrieve secrets.
Reference Files
| File | Contains | Use For |
|---|---|---|
| SKILL.md | Entry point: scope, routing table, and workflow. | Start here. |
| docs/actions-how-tos-secure-your-work-configuring-openid-connect-in-hashicorp-workflow-guide.md | A guide on configuring OpenID Connect between GitHub Actions and HashiCorp Vault to secure deployments. | Questions about a guide on configuring OpenID Connect between GitHub Actions and HashiCorp Vault to secure deployments. |
| examples/actions-how-tos-secure-your-work-configuring-openid-connect-in-hashicorp.text | A text snippet demonstrating the command to enable the JWT authentication method in HashiCorp Vault for GitHub Actions OIDC integration. | Exact payloads, commands, or snippets shown in A text snippet demonstrating the command to enable the JWT authentication method in HashiCorp Vault for GitHub Action... |
| examples/actions-how-tos-secure-your-work-configuring-openid-connect-in-hashicorp-2.text | Vault CLI commands to configure the JWT authentication method using GitHub Actions OIDC issuer and discovery URLs. | Exact payloads, commands, or snippets shown in Vault CLI commands to configure the JWT authentication method using GitHub Actions OIDC issuer and discovery URLs. |
| examples/actions-how-tos-secure-your-work-configuring-openid-connect-in-hashicorp-3.text | An HCL policy definition for granting read-only access to a specific secret path in HashiCorp Vault. | Exact payloads, commands, or snippets shown in An HCL policy definition for granting read-only access to a specific secret path in HashiCorp Vault. |
| examples/actions-how-tos-secure-your-work-configuring-openid-connect-in-hashicorp-4.text | A shell command demonstrating how to configure a JWT authentication role in HashiCorp Vault for GitHub Actions using OIDC. | Exact payloads, commands, or snippets shown in A shell command demonstrating how to configure a JWT authentication role in HashiCorp Vault for GitHub Actions using... |
| examples/actions-how-tos-secure-your-work-configuring-openid-connect-in-hashicorp-5.text | A GitHub Actions workflow YAML configuration demonstrating how to use OpenID Connect to retrieve secrets from HashiCorp Vault. | Exact payloads, commands, or snippets shown in A GitHub Actions workflow YAML configuration demonstrating how to use OpenID Connect to retrieve secrets from HashiCo... |
| examples/actions-how-tos-secure-your-work-configuring-openid-connect-in-hashicorp-6.text | A GitHub Actions workflow YAML configuration demonstrating how to use OpenID Connect to retrieve secrets from HashiCorp Vault. | Exact payloads, commands, or snippets shown in A GitHub Actions workflow YAML configuration demonstrating how to use OpenID Connect to retrieve secrets from HashiCo... |
What This Skill Covers
- GitHub Actions / How-tos / Secure your work / Security harden deployments / OIDC in HashiCorp Vault
- Main sections: In this article, Overview, Prerequisites, Adding the identity provider to HashiCorp Vault, Updating your GitHub Actions workflow.
Workflow
- Open the most relevant file under docs/ for the exact documented workflow and wording.
- Open schemas/ files for exact structured contracts.
- Open examples/ files for concrete requests, commands, snippets, and manifests.
- Do not add behavior or configuration that is not present in the attached source files.
Canonical source: https://docs.github.com/en/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-hashicorp-vault
