Commit SHA in OIDC tokens
pietro@pietroalbini.org
Could the commit SHA be included as a claim in the OIDC token generated by CircleCI? That would allow us to:
- Restrict policies more tightly, allowing jobs to only upload to s3://bucket/commit-sha/*, for example
- Establish provenance, as the commit hash used in the build would be signed by CircleCI