Crate ci_id

Expand description

ci-id provides easy access to ambient OIDC credentials in CI systems like GitHub Actions.

match ci_id::detect_credentials(Some("my-audience")) {
    Ok(token) => println!("{}", token),
    Err(e) => eprintln!("{}", e)
}

§Environment specific setup

Typically the CI environment needs to allow OIDC identity access.

§GitHub Actions

Workflow must be given the permission to use the workflow identity:

permissions:
    id-token: write

§GitLab Pipelines

An ID token must be defined in the pipeline:

id_tokens:
    MY_AUDIENCE_ID_TOKEN:
        aud: my-audience

The ID token name must be based on the audience so that token name is <AUD>_ID_TOKEN where <AUD> is the audience string sanitized for environment variable names (uppercased and all characters outside of ascii letters and digits are replaced with “_”).

§CircleCI

No configuration is needed.

§Buildkite

No configuration is needed.

Enums§

CIIDError

Functions§

detect_credentials: Returns detected OIDC identity token.

Type Aliases§

Result

Crate ci_id

Crate ci_id Copy item path

§Environment specific setup

§GitHub Actions

§GitLab Pipelines

§CircleCI

§Buildkite

Enums§

Functions§

Type Aliases§

Crate ci_id