JFrog and GitHub integration using OpenID Connect (OIDC) establishes trust between GitHub Actions and the JFrog Platform. This setup automates token management and enhances security by using OIDC to verify identities. OIDC provides a short-lived token for use in GitHub Actions, which can also be used with JFrog CLI.
Using OIDC in your workflows allows GitHub Actions CI pipelines to download and publish artifacts without generating tokens, and limits access to specific repos in Artifactory.
Seamless Access
Provides automatic, secure access to JFrog resources without manual token creation.
Enhanced Security
Provides short-lived tokens based on identity, with access determined by the assigned privileges.
User Traceability
Identifies users performing actions on the JFrog Platform.
Passwordless Experience
Eliminates the need to store secrets.
GitHub Actions automatically builds and deploys artifacts to JFrog Artifactory. OIDC integration ensures secure and efficient authentication, maintaining compliance and traceability.
Reduce Configuration Errors
Use general OIDC parameters for GitHub configuration and identity mapping.
Configuration at Scale
Dynamic User Mapping
Automatically maps GitHub user identifiers instead of individually mapping each user.
Wildcard Support
Defines patterns for identity mapping, such as matching all repositories within an organization (for example, "sub": "repo:name-org/*").
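Before saving a wildcard identity mapping such as the one under Wildcard Support, it helps to check which workflow identities the pattern would admit. The following is an added example, not JFrog's code: it assumes "*" matches any run of characters and that every claim in a mapping must match, and the sample claims and mapping labels are constructed for illustration.

```python
import re

def claim_matches(pattern: str, value: str) -> bool:
    # Assumed semantics: "*" matches any run of characters, all else is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def mapping_matches(mapping: dict, claims: dict) -> bool:
    # Every claim named in the mapping must be present in the token and match.
    return all(
        isinstance(claims.get(name), str) and claim_matches(pattern, claims[name])
        for name, pattern in mapping.items()
    )

def admitted_subjects(mapping: dict, tokens: list) -> list:
    # Subjects of the sample tokens that this mapping would accept.
    return [t["sub"] for t in tokens if mapping_matches(mapping, t)]

# Constructed claims, shaped like the "sub" and "ref" claims in GitHub Actions OIDC tokens.
SAMPLE_TOKENS = [
    {"sub": "repo:name-org/app:ref:refs/heads/main", "ref": "refs/heads/main"},
    {"sub": "repo:name-org/app:pull_request", "ref": "refs/pull/7/merge"},
    {"sub": "repo:name-org/tools:ref:refs/heads/dev", "ref": "refs/heads/dev"},
    {"sub": "repo:name-org-sandbox/app:ref:refs/heads/main", "ref": "refs/heads/main"},
]

# Hypothetical candidate mappings; only the first pattern appears on the page.
CANDIDATE_MAPPINGS = {
    "org-wide (pattern from the page)": {"sub": "repo:name-org/*"},
    "missing slash": {"sub": "repo:name-org*"},
    "org-wide, main branch only": {"sub": "repo:name-org/*", "ref": "refs/heads/main"},
    "single repo and branch": {"sub": "repo:name-org/app:ref:refs/heads/main"},
}

if __name__ == "__main__":
    for label, mapping in CANDIDATE_MAPPINGS.items():
        print(label, mapping)
        for sub in admitted_subjects(mapping, SAMPLE_TOKENS):
            print("   admits", sub)
```

Under these assumptions the org-wide pattern admits every repository and every trigger in the organization, including pull request runs, while dropping the trailing "/" would also admit a different organization whose name starts with the same text. Adding a second claim such as "ref" narrows the mapping without listing repositories one by one.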
OIDC Projects Support
OIDC integration establishes a trust relationship between JFrog and GitHub Actions, specifically for JFrog projects.
Project-Specific Authorization: Enables Project Admins to create identity mappings with project-specific authorizations, linking GitHub repositories to JFrog Projects.
Advantages:
Scalability: Delegates project admin tasks, reducing dependency on platform admins
Team Isolation: Enhances data protection by isolating access
Improved Performance: Minimizes conflicts
Enhanced Security: Limits access to the scope of the project only
Project Admins can create identity mappings with project-level authorizations to connect GitHub repositories with JFrog Projects.
To learn more, refer to GitHub Actions OIDC Integration Workflow and Configuring OpenID Connect in JFrog.