Home / Companies / Cloudsmith / Blog / Post Details
Content Deep Dive

Securely Connect Cloudsmith to your CI/CD using OIDC Authentication

Blog post from Cloudsmith

Post Details
Company
Date Published
Author
Ciara Carey
Word Count
924
Company Posts That Month
3
Language
English
Hacker News Points
-
Post removed?
No
Summary

Cloudsmith's CI/CD pipelines are at risk due to the use of long-lived, static credentials and tokens. This can lead to data breaches in cloud environments. A better approach is to use OpenID Connect (OIDC) authentication, which provides a more secure way to handle authentication than hard-coded credentials or long-lived API tokens. Cloudsmith now supports OIDC natively, allowing users to authenticate against their API, CLI, and users with format-specific endpoints like Ruby, NuGet, Terraform, or Docker. By using OIDC, users can securely authenticate into Cloudsmith without storing long-lived secrets in their CI/CD platform, have more granular control over how workflows use credentials, and avoid the need to rotate API tokens. Cloudsmith's updated workflow with GitHub Actions using OIDC provides a secure and convenient way for software engineers to manage their workflows.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 2 880 127 57 +68%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.