Comment by themafia
7 days ago
AWS is great for this. IAM policies can allow IP Addresses or more safely just named EC2 instances. Our deploy server requires nothing.
7 days ago
AWS is great for this. IAM policies can allow IP Addresses or more safely just named EC2 instances. Our deploy server requires nothing.
CircleCI and I believe GHA support injecting signed JWTs you can use to bootstrap identity be it an IAM role or some other platform where you can trust an OIDC issuer
> injecting signed JWTs
How is that not secrets management?
It is. Just wanted to point out these flows are also possible on CI. In my other comment, I think it's more fair to differentiate long lived vs short lived secrets