diff --git a/content/blog/esc-editor-enhancements/index.md b/content/blog/esc-editor-enhancements/index.md index 496e191d117d..23acd1a32994 100644 --- a/content/blog/esc-editor-enhancements/index.md +++ b/content/blog/esc-editor-enhancements/index.md @@ -11,6 +11,7 @@ authors: tags: - esc - secrets + - features --- With [Pulumi ESC](/product/esc), our goal is to not only create a tool that simplifies the development process but also one that developers love. In pursuit of this goal, we're excited to announce enhancements to the Pulumi ESC environment editor. These enhancements are focused on addressing common challenges encountered when authoring environments: syntax errors, type errors, frequent context switches to and from documentation, and more. Our aim is to make the process of authoring environments as straightforward as possible by removing common hurdles. diff --git a/content/blog/esc-key-value-table-editor-launch/index.md b/content/blog/esc-key-value-table-editor-launch/index.md index b53a0a5a5896..ef53107ade30 100644 --- a/content/blog/esc-key-value-table-editor-launch/index.md +++ b/content/blog/esc-key-value-table-editor-launch/index.md @@ -11,6 +11,7 @@ tags: - esc - secrets - config management + - features --- diff --git a/content/blog/oidc-trust-github-action/index.md b/content/blog/oidc-trust-github-action/index.md new file mode 100644 index 000000000000..16b1052fc611 --- /dev/null +++ b/content/blog/oidc-trust-github-action/index.md 
@@ -0,0 +1,80 @@ +--- +title: "Simplify OIDC Trust with the New Pulumi GitHub Action" + +date: 2024-05-20T21:45:13Z + +meta_desc: Introducing Pulumi GitHub Action for OIDC Trust Relationships + +# The meta_image appears in social-media previews and on the blog home page. A +# placeholder image representing the recommended format, dimensions and aspect +# ratio has been provided for you. +meta_image: meta.png + +# At least one author is required. The values in this list correspond with the +# `id` properties of the team member files at /data/team/team. Create a file for +# yourself if you don't already have one. +authors: + - german-lena + - arun-loganathan + + +# At least one tag is required. Lowercase, hyphen-delimited is recommended. +tags: + - oidc + - openid-connect + - features + +# See the blogging docs at https://github.com/pulumi/pulumi-hugo/blob/master/BLOGGING.md +# for details, and please remove these comments before submitting for review. +--- + +We're excited to announce a new GitHub Action that simplifies the integration of Pulumi's powerful [OpenID Connect](/docs/pulumi-cloud/oidc/client/) (OIDC) Trust feature into your [GitHub Actions](/docs/pulumi-cloud/oidc/client/github/) workflows. This action streamlines secure authentication with Pulumi Cloud, allowing you to leverage GitHub as an identity provider and eliminate the need for long-lived Pulumi access tokens. + + + +## A Quick Refresher on Pulumi's OIDC Trust + +The OIDC Trust feature allows you to configure trusted OIDC identity providers, such as GitHub, GitLab, or Google Cloud, within your Pulumi organization. This feature ensures secure and straightforward integration of [Pulumi Cloud](/docs/pulumi-cloud/) within any OIDC-compliant system. Once set up, you can securely exchange short-lived OIDC tokens from these providers for temporary Pulumi access tokens. 
These tokens can then be used to authenticate to Pulumi and perform actions such as deploying your infrastructure using Pulumi IaC, retrieving secrets stored in Pulumi ESC, etc. This approach enhances security by eliminating the need to store long-lived sensitive credentials and aligns with best cloud practices. + +## Streamlining OIDC Trust with GitHub Actions + +Our new GitHub Action makes using OIDC Trust even easier. It automates the secure retrieval of Pulumi access tokens directly within your [GitHub workflows](/docs/using-pulumi/continuous-delivery/github-actions/), streamlining the authentication process and eliminating manual steps. This automation reduces errors, enhances security by reducing potential token leakage, and improves the maintainability of your workflows, making them cleaner, more readable, and easier to update. + +## Example Usage + +This example demonstrates how to use the Action to authenticate with OIDC and run the `pulumi preview` command. + +```yaml +name: Pulumi preview +on: + workflow_dispatch: + +permissions: + id-token: write + contents: read + +jobs: + run_cron_job: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - uses: pulumi/auth-actions@v1 + with: + organization: org-name + requested-token-type: urn:pulumi:token-type:access_token:organization + + - uses: pulumi/actions@v5 + with: + command: preview + stack-name: org-name/stack-name +``` + +For more information about the `pulumi/auth-actions@v1` Action, check the [Pulumi Auth Action documentation](https://github.com/marketplace/actions/pulumi-auth-action). + +## Conclusion + +The new GitHub Action for Pulumi OIDC Trust makes it easier than ever to incorporate secure, short-lived credential management into your GitHub Actions workflows. Embrace the power of OIDC, eliminate the "secret zero" problem, and streamline your Pulumi deployments with ease. + +Give the action a try in your next GitHub Actions workflow and let us know what you think! 
Check out our [documentation](/docs/pulumi-cloud/oidc/client/github/) for more details. diff --git a/content/blog/oidc-trust-github-action/meta.png b/content/blog/oidc-trust-github-action/meta.png new file mode 100644 index 000000000000..4a6fd9adaf97 Binary files /dev/null and b/content/blog/oidc-trust-github-action/meta.png differ diff --git a/content/blog/oidc-trust-relationships/index.md b/content/blog/oidc-trust-relationships/index.md index 35255f18246d..e5c0f8f03dca 100644 --- a/content/blog/oidc-trust-relationships/index.md +++ b/content/blog/oidc-trust-relationships/index.md @@ -35,7 +35,7 @@ authors: tags: - oidc - openid-connect - - feature + - features # See the blogging docs at https://github.com/pulumi/docs/blob/master/BLOGGING.md # for details, and please remove these comments before submitting for review. diff --git a/content/blog/pulumi-esc-public-preview-for-1password-support/index.md b/content/blog/pulumi-esc-public-preview-for-1password-support/index.md index a734aee23c53..f599d50f032d 100644 --- a/content/blog/pulumi-esc-public-preview-for-1password-support/index.md +++ b/content/blog/pulumi-esc-public-preview-for-1password-support/index.md @@ -11,6 +11,7 @@ tags: - esc - secrets - 1password + - features ---
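Review bot: The front matter of the new `content/blog/oidc-trust-github-action/index.md` still carries the template comments, including the one that says "please remove these comments before submitting for review", along with stray blank lines after `title`, `date` and `authors`; strip them before merge. In the Example Usage workflow, the job id `run_cron_job` does not fit a workflow named "Pulumi preview" whose only trigger is `workflow_dispatch`, so rename it to something like `preview`. The post never explains why the `permissions` block sets `id-token: write` or what `requested-token-type: urn:pulumi:token-type:access_token:organization` selects. Since the example only runs `preview`, add a sentence on each so readers who copy it understand the scope of the token they are requesting. Minor wording: "best cloud practices" reads better as "cloud best practices".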
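Review bot: In `content/blog/oidc-trust-relationships/index.md` the tag changes from `feature` to `features`, but this diff only shows that one post being renamed. Confirm that no other post still uses the singular `feature` tag, otherwise the two tag pages will split the same set of posts. If the old tag page was linked anywhere, consider whether it needs a redirect.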