When using GitLab as an OpenID Connect (OIDC) provider, you can now configure the duration of ID tokens with the id_token_expiration attribute. Previously, ID tokens had a fixed expiration time of 120 seconds. Thank you Henry Sachs for your contribution! Documentation Issue Identify and revok...
with a JSON web token (JWT) to retrieve temporary credentials from AWS without needing to store secrets. To do this, you must configure OpenID Connect (OIDC) for ID federation between GitLab and AWS. For background and requirements for integrating GitLab using OIDC, see Connect to cloud ...
You can also use OpenID Connect (OIDC) authentication for secrets managers which do not have a native integration. Malicious scripts like in malicious-job must be caught during the review process. Reviewers should never trigger a pipeline when they find code like this, because malicious code can...
In the generated .aws-sam/pipeline/pipelineconfig.toml file, I have: version = 0.1 [default.pipeline_bootstrap.parameters] oidc_provider_url = "https://own-gitlab.com/" oidc_client_id = "https://own-gitlab.com" ...
Defaults to AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY Default AWS access key to be used for object store. Defaults to AWS_SECRET_ACCESS_KEY AWS_REGION AWS Region. Defaults to us-east-1 AWS_HOST Configure this for a compatible AWS host like MinIO. Defaults to $AWS_HOST. Defaults to s3....
job_with_id_tokens:
  id_tokens:
    ID_TOKEN_1:
      aud: https://vault.example.com
    ID_TOKEN_2:
      aud:
        - https://gcp.com
        - https://aws.com
    SIGSTORE_ID_TOKEN:
      aud: sigstore
  script:
    - command_to_authenticate_with_vault $ID_TOKEN_1
    - command_to_authenticate_with_aws $ID_TOKEN_2
    - command_...
(published) release-image: "123456789012.dkr.ecr.us-east-1.amazonaws.com/$CI_PROJECT_PATH_SLUG:$CI_COMMIT_REF_NAME" - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker-ecr@6.1.4 inputs: # default Role ARN (using OIDC authentication method) aws-oidc-role-arn: "arn...
Configurable token duration with GitLab OIDC provider (self-managed only): System Access When using GitLab as an OpenID Connect (OIDC) provider, you can now configure the duration of ID tokens with the id_token_expiration attribute. Previously, ID tokens had a fixed expiration time of 120 ...