Replies: 3 comments
-
|
Would you still have per-organization OIDC providers in addition to the central hosted provider, like GitHub's setup? If so, I think it'd be fine to proceed with pushing this out to prod, since there would be no deprecation of the per-organization providers. If you are planning to only have the well-known configuration hosted at |
Beta Was this translation helpful? Give feedback.
-
|
Yes. everything existing will stay the same. No deprecation - so yes, like github setup. So cool let move it to prod. Since pypi (and I think other package repos) will require a custom |
Beta Was this translation helpful? Give feedback.
-
|
This has now been rolled out to prod. Can you verify it's working as expected? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Tested out in https://fulcio.sigstage.dev, things worked as expected (meeech#1)
Before we promote to prod, i just want to check something.
Based on this discussion (pypi/warehouse#13888 (comment)), I am pursuing putting our .well-known at the root of the oidc.circleci.com domain.
Is it better to just wait till that's done, and add that to the
identity/config.yaml?so we would be similar to github - they have
https://token.actions.githubusercontent.com/*in metaissuers andhttps://token.actions.githubusercontent.com/in oidc-issuers. So we would do the same.Beta Was this translation helpful? Give feedback.
All reactions