July 12, 2023
Secretless Authorization (Using OIDC)
With Gitpod you can use OIDC to connect Gitpod workspaces to cloud providers or third parties such as AWS, Azure, GCP, or secret management services like Vault. Using OIDC integration eliminates the need to manually distribute access credentials, secrets, and other key material via other methods such as environment variables.
Use `gp idp token` in any workspace (works in `.gitpod.yml` and with prebuilds) to retrieve the workspace JWT token for exchange with the OIDC-supporting third party.
ℹ️ Note: The following shows how to connect AWS to a Gitpod Cloud workspace. Steps vary with the third party you are integrating and the domain of your Gitpod installation; see the documentation below for details.
- Set up Gitpod as an AWS Identity Provider (using `https://api.gitpod.io/idp` as the Audience).
- Create an AWS role with permissions to perform
- Update your `.gitpod.yml` to exchange your workspace JWT token for an access token.
```shell
# Exchange the workspace JWT for temporary AWS credentials via the configured role
gp idp login aws --role-arn <your-iam-role-arn>
# Use those credentials to read a secret instead of injecting it via environment variables
aws secretsmanager get-secret-value --secret-id database_connection_string
```
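The exchange above only works safely because the relying party (here AWS, through the identity-provider trust you configured) verifies the workspace token before issuing credentials: signature, issuer, the audience value `https://api.gitpod.io/idp`, and expiry. The following is an added example, not Gitpod's or AWS's code, showing those checks in plain Python. It mints and verifies an HS256 token with a constructed shared secret so it runs offline; the real Gitpod token is signed with an asymmetric key and would be verified against the issuer's published JWKS, and the `sub` value and secret below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# The issuer and audience values come from the page; the secret is a constructed
# stand-in for the issuer's signing key (real tokens are not HMAC-signed).
ISSUER = "https://api.gitpod.io/idp"
AUDIENCE = "https://api.gitpod.io/idp"
SECRET = b"constructed-example-secret-not-real"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    # Re-add the padding that base64url strips before decoding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact JWT (header.payload.signature) over the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, expected_aud: str = AUDIENCE, expected_iss: str = ISSUER,
                 secret: bytes = SECRET, now=None) -> dict:
    """Return the claims if signature, issuer, audience and expiry all hold; raise ValueError otherwise.

    This mirrors what a relying party must do before exchanging the token for credentials.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    # Pin the algorithm: never let the token choose (rejects alg=none and key-confusion tricks)
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")

    # Verify the signature before trusting any claim
    expected_sig = hmac.new(secret, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != expected_iss:
        raise ValueError("wrong issuer")

    # aud may be a string or a list; the configured audience must be present
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if expected_aud not in aud_list:
        raise ValueError("wrong audience")

    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims


if __name__ == "__main__":
    # Constructed claims: a token meant for this audience, and one meant for somewhere else
    good = mint_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "workspace-example", "exp": int(time.time()) + 300})
    print("accepted:", verify_token(good)["sub"])
    wrong_aud = mint_token({"iss": ISSUER, "aud": "https://other.example", "sub": "workspace-example", "exp": int(time.time()) + 300})
    try:
        verify_token(wrong_aud)
    except ValueError as err:
        print("rejected:", err)
```

The audience check is the part most often skipped: a token that is validly signed by Gitpod but issued for a different audience must still be refused, otherwise any party that receives a workspace token could replay it against your AWS role. That is why step one pins `https://api.gitpod.io/idp` as the audience on the AWS side.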