OIDC-based auth for Service Accounts #82

Open
michaelfedell opened this issue Jan 29, 2025 · 1 comment
@michaelfedell

Is your feature request related to a problem? Please describe.
Using the Doppler provider requires that a static access token be generated and kept in the cluster to authorize the SecretStore to Doppler.

Describe the solution you'd like
Doppler now supports OIDC Service Account auth, which would provide a significant improvement to secret access. So long as the k8s cluster has an OIDC provider enabled, it should be able to use a k8s ServiceAccount token to authenticate to Doppler as the configured Doppler service-account.

Describe alternatives you've considered
Rotating access tokens, deploying them to the cluster, and reflecting across required namespaces... this approach is complex, fragile, and less secure than identity-based access.

Additional context

https://docs.doppler.com/docs/service-account-identities
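
The claim checks a relying party would apply to a Kubernetes ServiceAccount token in the identity-based flow requested above, as an added example that is not part of the issue or the project's code. The issuer URL, audience, namespace and ServiceAccount name are constructed placeholders, how Doppler itself evaluates these claims is an assumption, and signature verification against the cluster's JWKS is assumed to have happened first.

```python
import base64
import json

# Constructed trust policy; every value here is a placeholder, not from Doppler's docs.
POLICY = {
    "issuer": "https://oidc.example.test/cluster-a",
    "audience": "secrets-manager.example.test",
    "subjects": ("system:serviceaccount:external-secrets:doppler-store",),
}
NOW = 1_738_150_000  # fixed "current time" so the example is deterministic

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed token in JWT shape; the signature is a placeholder."""
    parts = [json.dumps({"alg": "RS256", "typ": "JWT"}).encode(),
             json.dumps(claims).encode(), b"placeholder-signature"]
    return ".".join(_b64url(p) for p in parts)

def check_claims(token: str, policy: dict, now: float) -> list:
    """Return reasons to reject the token; an empty list means the claims match.

    Assumes the signature was already verified against the issuer's JWKS.
    """
    try:
        _, body, _ = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return ["malformed token"]
    if not isinstance(claims, dict):
        return ["malformed token"]
    problems = []
    if claims.get("iss") != policy["issuer"]:
        problems.append("issuer mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else aud
    if not isinstance(aud, list) or policy["audience"] not in aud:
        problems.append("audience mismatch")
    if claims.get("sub") not in policy["subjects"]:
        problems.append("subject not allowed")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("expired or missing exp")
    return problems

GOOD_CLAIMS = {"iss": POLICY["issuer"], "aud": [POLICY["audience"]],
               "sub": POLICY["subjects"][0], "exp": NOW + 600}
```

Pinning `sub` to one namespace and ServiceAccount is what keeps another workload in the same cluster, which shares the issuer, from obtaining the same access.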

@nmanoogian
Member

Thanks for the recommendation, @michaelfedell! We're tracking this internally and will follow up here with updates.
