Crate ci_id

ci-id provides easy access to ambient OIDC credentials in CI systems like GitHub Actions.

match ci_id::detect_credentials(Some("my-audience")) {
    Ok(token) => println!("{}", token),
    Err(e) => eprintln!("{}", e)
}

Environment specific setup

Typically the CI environment needs to allow OIDC identity access.

GitHub Actions

Workflow must be given the permission to use the workflow identity:

permissions:
    id-token: write

GitLab Pipelines

An ID token must be defined in the pipeline:

id_tokens:
    MY_AUDIENCE_ID_TOKEN:
        aud: my-audience

The ID token name must be based on the audience so that token name is either

• ID_TOKEN for default audience
• <AUD>_ID_TOKEN where <AUD> is the audience string sanitized for environment variable names (uppercased and all characters outside of ascii letters and digits are replaced with “_”)

CircleCI

No configuration is needed.

Enums

• CIIDError

Functions

• detect_credentials
  Returns detected OIDC identity token.

Type Aliases

• Result