OpenID Connect in Octopus Deploy

Blog post from Octopus Deploy

Post Details
Author: Michelle O'Brien
Word Count: 477
Language: English
Summary

Octopus Deploy has integrated OpenID Connect (OIDC) to enhance security and streamline credential management for its users. By using OIDC, customers can minimize the number of credentials stored in Octopus, eliminating the need for credential rotation and improving security by allowing granular permission control. Octopus can function as both a client, authenticating with Azure and AWS during deployments, and a resource server, enabling trusted providers like GitHub Actions to authenticate with it. This approach enables passwordless deployments and enhances security by enforcing subject claims for environment-specific access. Customer feedback highlights the efficiency of using OIDC, with examples such as a GitHub web app that builds and deploys using only a Docker Hub secret and communicates with services using managed identities, further reducing the need for stored credentials. The integration of OIDC simplifies maintenance and enhances the security posture of deployment processes.