Add OIDC integration blog to the README (#135)
yahavi authored Mar 10, 2024
1 parent 26da225 commit 48995be
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions README.md
Expand Up @@ -50,8 +50,8 @@ There exist two methods to provide these details, and you only need to choose **
### General
You can choose one of the following two methods to set the connection details to the JFrog Platform as secrets:
* [Storing the connection details using separate environment variables](#storing-the-connection-details-using-separate-environment-variables)
* [Storing the connection details using single Config Token](#storing-the-connection-details-using-single-config-token)
- [Storing the connection details using separate environment variables](#storing-the-connection-details-using-separate-environment-variables)
- [Storing the connection details using single Config Token](#storing-the-connection-details-using-single-config-token)
### Storing the connection details using separate environment variables
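Review bot: The switch from `*` to `-` bullets on the two links under "### General" is unrelated to the commit subject, which only mentions adding the OIDC blog to the README. Either mention the list-style cleanup in the commit message or move it to its own commit, so the history shows why these lines changed.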
Expand Down Expand Up @@ -135,8 +135,9 @@ If you have multiple Config Tokens as secrets, you can use all of them in the wo
<summary>Connecting to JFrog using OIDC (OpenID Connect)</summary>

### General

The sensitive connection details, such as the access token used by JFrog CLI on the JFrog platform, can be automatically generated by the action instead of storing it as a secret in GitHub.
This is made possible by leveraging the OpenID-Connect (OIDC) protocol. This protocol can authenticate the workflow issuer and supply a valid access token, requiring only the JF_URL environment variable.
This is made possible by leveraging the OpenID-Connect (OIDC) protocol. This protocol can authenticate the workflow issuer and supply a valid access token, requiring only the JF_URL environment variable. Learn more about this integration in [this](https://jfrog.com/blog/secure-access-development-jfrog-github-oidc) blog post.
To utilize the OIDC protocol, follow these steps:

### JFrog Platform configuration
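Review bot: The sentence added to the OIDC "### General" paragraph uses "this" as its link text (`[this](https://jfrog.com/blog/secure-access-development-jfrog-github-oidc) blog post`), which tells the reader nothing about the target when links are scanned out of context or read by a screen reader. Suggest using the post's title as the link text, as the References entry does, and wrapping JF_URL in backticks while this line is being edited.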
Expand Down Expand Up @@ -294,6 +295,7 @@ We welcome pull requests from the community. To help us improve this project, pl
## References
- [JFrog CLI Documentation](https://docs.jfrog-applications.jfrog.io/jfrog-applications/jfrog-cli)
- [Secure Access To Your Software Development with GitHub OpenID Connect (OIDC) and JFrog](https://jfrog.com/blog/secure-access-development-jfrog-github-oidc/)
- [GitHub Actions Documentation](https://docs.github.com/en/actions)
- [Security hardening for GitHub Actions](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)
- [Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
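Review bot: The new References entry links to the blog URL with a trailing slash (`.../secure-access-development-jfrog-github-oidc/`), while the link added in the OIDC section of this same commit omits it. Use one form in both places so the two links stay identical and a link checker treats them as the same target.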
