Company
Date Published
Author
Pat Gavlin
Word count
536
Language
English
Hacker News points
None

Summary

Pulumi has added OpenID Connect (OIDC) support to Pulumi Deployments, an integration requested by a GitHub user, so that deployments can run on temporary credentials with granular access controls. OIDC is an identity layer on top of the OAuth 2.0 framework that uses JSON Web Tokens (JWTs) to assert who a party is and to carry basic profile information; in Deployments, each deployment receives such a token and presents it to a cloud provider in exchange for short-lived credentials. This reduces the need to store long-lived cloud credentials with Pulumi, and lets the cloud-side trust configuration scope access to specific deployment parameters, so credentials follow the principle of least privilege. Pulumi Deployments performs the token exchange automatically with the major cloud providers (AWS, Azure, and GCP); for other providers that accept OIDC tokens, users can exchange the token for credentials manually. OIDC must be enabled for the organization in the Pulumi Console, which requires administrative access, before features such as Git push to deploy can use it. Pulumi Deployments is currently in preview and free to use during that period, with usage-based pricing planned afterwards.
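The exchange the summary describes, shown from the cloud provider's side as an added example (this is not Pulumi's code and not any provider's real implementation): the issuer mints a short-lived JWT that identifies one deployment, the provider verifies signature, issuer, audience and expiry, and then evaluates a trust policy modelled on IAM's `StringEquals` / `StringLike` conditions before handing out temporary credentials. The issuer URL, the `sub` claim layout (`deploy:org:...:project:...:stack:...`), the audience string and the credential format are assumptions invented for illustration; the signature uses HS256 with a shared secret so the example runs on the standard library alone, whereas real OIDC issuers sign with RS256 and publish their public keys through a JWKS endpoint.

```python
"""Simulated OIDC-to-temporary-credential exchange for a deployment.

Added example, not Pulumi's or any cloud provider's code.  Assumptions:
issuer URL, claim layout, audience and credential shape are invented; HS256
with a shared secret stands in for RS256 + JWKS so this runs offline."""
import base64
import fnmatch
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://oidc.example-deployments.invalid"  # assumed issuer, not Pulumi's
SIGNING_KEY = b"constructed-shared-secret"           # stand-in for the issuer's key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_deployment_token(org, project, stack, audience, ttl=300, now=None):
    """Issuer side: mint a token bound to one org/project/stack (assumed layout)."""
    now = int(time.time()) if now is None else now
    claims = {
        "iss": ISSUER,
        "sub": f"deploy:org:{org}:project:{project}:stack:{stack}",
        "aud": audience,
        "iat": now,
        "exp": now + ttl,
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token, expected_audience, now=None):
    """Provider side: check signature, alg, issuer, audience and expiry.
    Returns the claims or raises ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    expected_sig = hmac.new(SIGNING_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != expected_audience:
        raise ValueError("audience mismatch")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def policy_allows(policy, claims):
    """Evaluate StringEquals (exact) and StringLike (glob) conditions on claims.
    Every condition must hold for the role to be assumable."""
    for key, want in policy.get("StringEquals", {}).items():
        if claims.get(key) != want:
            return False
    for key, pattern in policy.get("StringLike", {}).items():
        if not fnmatch.fnmatchcase(str(claims.get(key, "")), pattern):
            return False
    return True


def exchange_for_credentials(token, policy, now=None):
    """Return constructed temporary credentials if the token passes both
    verification and the trust policy; raise PermissionError otherwise."""
    claims = verify_token(token, policy["StringEquals"]["aud"], now=now)
    if not policy_allows(policy, claims):
        raise PermissionError(f"trust policy rejects {claims['sub']}")
    return {
        "AccessKeyId": "ASIA" + secrets.token_hex(8).upper(),   # constructed
        "SecretAccessKey": secrets.token_urlsafe(30),            # constructed
        "SessionToken": secrets.token_urlsafe(60),               # constructed
        "Expiration": claims["exp"],   # credentials die with the deployment token
        "Subject": claims["sub"],
    }


# Trust policy for one role: only the prod stack of the 'web' project may assume it.
PROD_DEPLOY_POLICY = {
    "StringEquals": {"aud": "sts.example-cloud.invalid"},
    "StringLike": {"sub": "deploy:org:acme:project:web:stack:prod"},
}
```

The `StringLike` condition on `sub` is the part a practitioner should not skip: a trust policy that pins only the issuer and audience would let any deployment that the same issuer signs for, from any stack, assume the role. Scoping the subject to one org, project and stack is what turns "temporary credentials" into least-privilege credentials, and the `Expiration` taken from the token's `exp` is what ties their lifetime to the deployment.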