You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Create a [service account](https://oc.to/ServiceAccount) in Octopus with the permissions required. Note that OIDC is only support for service accounts, not user accounts.
- Configure an OIDC identity for the service account that matches the GitHub Actions subject claim for your repository and workflow. See the [Octopus OIDC documentation](https://oc.to/ServiceAccountOidcIdentities) for more information.
-Examples of the subject claims can be found in the [GitHub documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-trust-conditions-on-cloud-roles-using-oidc-claims).
-See [example subject claims](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#example-subject-claims) for more information on the way that subject strings are generated by GitHub Actions.
- Copy the `Service Account Id` value from the Octopus service account. This will be a GUID.
- Configure your workflow job to have the `id-token: write` permissions. This allows the `OctopusDeploy/login` action to request an ID token from GitHub as part of the OIDC login process.
- Add the `OctopusDeploy/login` action to your workflow, specifying the `server` and `service_account_id` inputs.
