Diffstat (limited to 'doc')
-rw-r--r--doc/run-identity/README.md20
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/run-identity/README.md b/doc/run-identity/README.md
new file mode 100644
index 0000000..cb9b119
--- /dev/null
+++ b/doc/run-identity/README.md
@@ -0,0 +1,20 @@
+We will be exploring the idea of Run Identity for TFC, and how it could be used
+to automate the authentication of Terraform providers at scale. While our work
+this quarter will determine the eventual solution, one direction that has been
+discussed would be to include a JWT with every run that includes the run's
+workspace and organization in its metadata.
+
+Our overarching goal though is to enable the Vault Provider to be programmatically
+configured to access a Workspace's secrets securely without the need to store
+and manage Vault credentials inside TFC.
+
+Reference Links:
+
+* [PRD](https://docs.google.com/document/d/1IGSX1eSk6zQw1Fk0LUuJ9KgeEZgQoPg7126NfnQbL1M/edit#)
+* [GitHub Example](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token)
+
+Related Field Requests:
+
+* [Workspace Authentication (w/ Vault)](https://app.asana.com/0/1118351459439625/1141373083986005)
+* [Vault Provider Authentication in TFE](https://app.asana.com/0/950583539553838/1169207799468041)
+* [[TFE] Cloud Provider Authentication (w/ Vault)](https://app.asana.com/0/1118351459439625/1169212936201843)
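Review bot: The JWT direction sketched at lines 19-20 names only the run's workspace and organization as token metadata, but for the stated goal (lines 22-24, letting the Vault Provider authenticate without stored Vault credentials) the token becomes the entire trust boundary, so this README should also record what a relying party needs to verify it: the issuer and intended audience, which claims Vault would bind on (workspace, organization, and presumably run or workspace ID rather than mutable names), how the signing keys are published and rotated, and how long a run token is valid. The linked GitHub OIDC example already enumerates its claims; mirroring that list here, even as a draft, would make the design reviewable. Smaller points: the file has no title heading, and "TFC" (line 16) and "TFE" (lines 34-35) are never expanded, which matters for a doc that new readers will land on first.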