Company
Date Published
Author
Ciara Carey
Word count
924
Language
English
Hacker News points
None

Summary

Cloudsmith's CI/CD pipelines are at risk due to the use of long-lived, static credentials and tokens, which can lead to data breaches in cloud environments. A better approach is OpenID Connect (OIDC) authentication, which handles authentication more securely than hard-coded credentials or long-lived API tokens. Cloudsmith now supports OIDC natively, allowing users to authenticate to its API, its CLI, and format-specific endpoints such as Ruby, NuGet, Terraform, or Docker. By using OIDC, users can authenticate to Cloudsmith without storing long-lived secrets in their CI/CD platform, gain more granular control over how workflows use credentials, and avoid having to rotate API tokens. Cloudsmith's updated GitHub Actions workflow using OIDC gives software engineers a secure and convenient way to manage their workflows.