Secure deployments with OpenID Connect & GitHub Actions now generally available
Blog post from GitHub
GitHub Actions now supports OpenID Connect (OIDC), providing a more secure and efficient method for cloud deployments: workflows can request short-lived access tokens directly from cloud providers such as AWS, Azure, Google Cloud Platform, and HashiCorp. This eliminates the need to store long-lived cloud credentials as GitHub secrets, reducing the security risks that come with managing such tokens. The OIDC integration keeps GitHub configuration clearly separated from cloud permissions, giving granular control over what a workflow may access in the cloud through the cloud provider's own authentication and authorization tools.

In practice, developers configure OIDC trust on their cloud roles; a GitHub Actions workflow then obtains an automatically generated OIDC token, the cloud provider validates it, and in return issues a short-lived access token for the workflow job. Because these tokens expire when the job completes, the process strengthens security and simplifies cloud deployment management. The official login actions from cloud partners have been updated to support this feature.
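The validation step described above is where the security of the whole scheme is decided: the cloud provider only issues short-lived credentials if the token's claims satisfy the trust conditions configured on the role. The following is an added example (not GitHub's or any cloud provider's code) that models that check in simplified form. It assumes the token's signature has already been verified against GitHub's published keys and only evaluates issuer, lifetime and trust conditions; the condition-key shape (`token.actions.githubusercontent.com:aud`, `:sub`) follows the convention used in AWS IAM trust policies, while the repository names and claim values are constructed sample data. It contrasts a loose trust policy that pins only the audience with one that also pins the subject to a single repository and branch.

```python
"""Added example: simplified model of a cloud provider evaluating a GitHub
Actions OIDC token against the trust conditions configured on a cloud role.
Signature verification against GitHub's JWKS is assumed to have already
succeeded; only issuer, lifetime and trust conditions are modelled.
Repository names and claim values below are constructed sample data."""
import fnmatch

# Real issuer URL of GitHub Actions OIDC tokens.
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
# Condition-key prefix in the style of AWS IAM trust policies.
CLAIM_PREFIX = "token.actions.githubusercontent.com:"


def make_claims(repo, ref, aud="sts.amazonaws.com", iat=1_700_000_000, ttl=300):
    """Build a constructed claim set shaped like a GitHub Actions OIDC token payload."""
    return {
        "iss": GITHUB_ISSUER,
        "aud": aud,
        "sub": f"repo:{repo}:ref:{ref}",   # subject encodes repository and git ref
        "repository": repo,
        "ref": ref,
        "iat": iat,
        "exp": iat + ttl,                   # tokens are short-lived by design
    }


def evaluate_trust(claims, conditions, now):
    """Decide whether a token may assume the role; returns (allowed, reason).

    Checks run in the order a provider would apply them: issuer, lifetime,
    then every condition block of the trust policy.
    """
    if claims.get("iss") != GITHUB_ISSUER:
        return False, "unexpected issuer"
    if not (claims["iat"] <= now < claims["exp"]):
        return False, "token expired or not yet valid"
    for operator, checks in conditions.items():
        for key, expected in checks.items():
            if not key.startswith(CLAIM_PREFIX):
                return False, f"unsupported condition key {key}"
            actual = claims.get(key[len(CLAIM_PREFIX):])
            if actual is None:
                return False, f"claim for {key} missing"
            if operator == "StringEquals":
                ok = actual == expected
            elif operator == "StringLike":      # IAM-style wildcards: * and ?
                ok = fnmatch.fnmatchcase(actual, expected)
            else:
                return False, f"unsupported operator {operator}"
            if not ok:
                return False, f"{key} did not match {expected!r}"
    return True, "all trust conditions satisfied"


# Weak: only the audience is pinned, so a token minted for ANY repository
# that targets this audience satisfies the policy.
LOOSE_CONDITIONS = {
    "StringEquals": {CLAIM_PREFIX + "aud": "sts.amazonaws.com"},
}

# Recommended: additionally pin the subject to one repository and branch.
STRICT_CONDITIONS = {
    "StringEquals": {CLAIM_PREFIX + "aud": "sts.amazonaws.com"},
    "StringLike": {CLAIM_PREFIX + "sub": "repo:example-org/example-app:ref:refs/heads/main"},
}


def demo():
    """Evaluate a token from the intended repository and one from an unrelated
    repository against both policies, plus the intended token after expiry."""
    now = 1_700_000_060
    own = make_claims("example-org/example-app", "refs/heads/main")
    other = make_claims("some-other-org/unrelated-repo", "refs/heads/main")
    return {
        "own_loose": evaluate_trust(own, LOOSE_CONDITIONS, now)[0],
        "other_loose": evaluate_trust(other, LOOSE_CONDITIONS, now)[0],
        "own_strict": evaluate_trust(own, STRICT_CONDITIONS, now)[0],
        "other_strict": evaluate_trust(other, STRICT_CONDITIONS, now)[0],
        "own_after_expiry": evaluate_trust(own, STRICT_CONDITIONS, now + 600)[0],
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The point the example makes is that the audience claim alone does not identify the caller; every repository can request a token for the same audience, so a trust policy that stops there grants the role to every workflow on GitHub. Pinning `sub` (and, if needed, other claims such as `ref`) is what confines the role to the intended repository and branch, and the lifetime check is what makes a leaked token useless after the job ends.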