Learn how to authenticate CircleCI jobs with Infisical using OpenID Connect (OIDC).
/api/v1/auth/oidc-auth/login endpoint. If successful, then Infisical returns a short-lived access token that can be used to make authenticated requests to the Infisical API.
To be more specific:
/api/v1/auth/oidc-auth/login endpoint.
Creating an identity
https://oidc.circleci.com/org/<organization_id> where organization_id refers to the CircleCI organization where the job is being run.
https://oidc.circleci.com/org/<organization_id> as well.
org/<organization_id>/project/<project_id>/user/<user_id> where organization_id, project_id, and user_id are UUIDs that identify the CircleCI organization, project, and user, respectively. The user is the CircleCI user that caused this job to run.
organization_id corresponding to where the job is running.
2592000 equivalent to 30 days): The lifetime for an access token in seconds. This value will be referenced at renewal time.
2592000 equivalent to 30 days): The maximum lifetime for an access token in seconds. This value will be referenced at renewal time.
0): The maximum number of times that an access token can be used; a value of 0 implies infinite number of uses.
0.0.0.0/0, allowing usage from any network address.
The subject, audiences, and claims fields support glob pattern matching; however, we highly recommend using hardcoded values whenever possible.
Adding an identity to a project
Using CircleCI OIDC token to authenticate with Infisical
$CIRCLE_OIDC_TOKEN with the Infisical Terraform provider to manage resources in a CircleCI pipeline.
INFISICAL_AUTH_JWT environment variable to be set to the CircleCI OIDC token.
7200 seconds which can be adjusted.
If an identity access token expires, it can no longer authenticate with the Infisical API. In this case, a new access token should be obtained by performing another login operation.
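
The recommendation above to prefer hardcoded subject, audiences, and claims values over glob patterns can be seen by comparing two identity configurations against CircleCI-style claims. This is an added example, not Infisical's code: the UUIDs and the token are constructed, `identity_accepts` is a hypothetical helper, no signature is verified, and Python's `fnmatch` stands in for Infisical's glob matcher, whose exact semantics may differ.

```python
import base64
import json
from fnmatch import fnmatchcase

# Constructed UUIDs for illustration only.
ORG = "11111111-1111-4111-8111-111111111111"
PROJ_A = "22222222-2222-4222-8222-222222222222"  # project the identity is meant for
PROJ_B = "33333333-3333-4333-8333-333333333333"  # unrelated project in the same org
USER = "44444444-4444-4444-8444-444444444444"
ISSUER = f"https://oidc.circleci.com/org/{ORG}"


def make_sample_token(project_id: str) -> str:
    """Build a constructed JWT-shaped string (placeholder signature) with CircleCI-style claims."""
    claims = {"iss": ISSUER, "aud": ORG,
              "sub": f"org/{ORG}/project/{project_id}/user/{USER}"}

    def b64(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}.constructed-signature"


def decode_claims(token: str) -> dict:
    """Decode the payload segment without verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def identity_accepts(config: dict, claims: dict) -> bool:
    """Hypothetical check: exact issuer match, glob match on audience and subject."""
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    return (claims["iss"] == config["issuer"]
            and any(fnmatchcase(a, p) for a in aud for p in config["audiences"])
            and fnmatchcase(claims["sub"], config["subject"]))


# Same issuer and audience; only the subject differs between the two configurations.
GLOB = {"issuer": ISSUER, "audiences": [ORG], "subject": f"org/{ORG}/project/*/user/*"}
PINNED = {"issuer": ISSUER, "audiences": [ORG],
          "subject": f"org/{ORG}/project/{PROJ_A}/user/{USER}"}

if __name__ == "__main__":
    for name, cfg in (("glob", GLOB), ("pinned", PINNED)):
        for label, proj in (("project A", PROJ_A), ("project B", PROJ_B)):
            ok = identity_accepts(cfg, decode_claims(make_sample_token(proj)))
            print(f"{name:6} subject, token from {label}: {'accepted' if ok else 'rejected'}")
```

With the glob subject, a job in any project of the organization satisfies the identity; with the hardcoded subject, only project A does. Because the subject embeds the user who triggered the job, a fully hardcoded subject also restricts which CircleCI user's jobs can log in.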