7 Dec 2022 · Semaphore News

    Introducing Support for OpenID Connect


    At Semaphore, we are always looking for ways to improve our authentication and security systems. That’s why we are excited to announce that we are now supporting OpenID Connect (OIDC), an open standard for authentication.

    What is OpenID Connect?

    OIDC is an authentication protocol built on top of the OAuth 2.0 framework. It allows pipelines to authenticate securely with cloud providers such as Google or AWS, or to connect to secret management tools like HashiCorp Vault. Semaphore pipelines can access resources on these platforms without creating and storing long-lived credentials.

    This allows:

    • Fine-grained control over access to resources on cloud providers. For example, you can limit access to your production system to pipelines running on the main branch only.
    • A seamless connection between Semaphore CI and cloud providers. For example, pipelines can directly assume AWS roles and inherit the versatile policy options AWS offers.
    • No need to store long-lived access credentials: any given pipeline is granted only short-lived access to your cloud resources.

    Establish a trust relationship between Semaphore and your cloud provider

    To access your cloud resources from Semaphore workflows, you first need to establish a trust relationship between Semaphore and your cloud provider.

    1. Set up OIDC trust on your cloud provider to manage access between pipelines and cloud resources.
    2. In each pipeline, Semaphore presents an OIDC JWT to the cloud provider carrying information about the project, branch, pull request name and number, and the job, pipeline, and workflow IDs.
    3. The cloud provider validates the claims and issues a short-lived access token that the pipeline uses to fetch secrets, deploy your code, or manage resources for the duration of its execution.
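    As an added illustration of step 3 (example code written for this post, not Semaphore's or any cloud provider's implementation), the claim checks a relying party performs before handing out a short-lived token: issuer, audience, validity window, a cap on token lifetime, and a trust rule that admits only the main branch of one project to a production role, as described above. The issuer and audience URLs, the claim names `project` and `branch`, and the trust rules are constructed placeholders; verifying the JWT signature against the issuer's published keys is assumed to have happened already.

```python
import base64
import json

# Constructed placeholder values; real deployments take these from the provider's OIDC discovery document.
EXPECTED_ISSUER = "https://oidc.example-ci.invalid"      # placeholder issuer URL
EXPECTED_AUDIENCE = "https://sts.example-cloud.invalid"  # placeholder audience expected by the cloud side
MAX_LIFETIME_SECONDS = 3600                              # reject tokens minted for longer than an hour

# Trust rules mirroring the post: production only from main, everything else from the same project to staging.
# Claim names "project" and "branch" are assumptions; the real token's claim names are in the docs.
TRUST_RULES = [
    {"project": "web-app", "branch": "main", "role": "production-deployer"},
    {"project": "web-app", "branch": "*", "role": "staging-deployer"},
]

def _b64url_decode(segment):
    segment += "=" * (-len(segment) % 4)  # restore padding stripped by JWT encoding
    return base64.urlsafe_b64decode(segment)

def decode_payload(jwt):
    # Assumes the signature (third segment) was already verified; this only parses the claims.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    return json.loads(_b64url_decode(parts[1]))

def evaluate_claims(claims, now):
    # now: current Unix time, passed in explicitly so the decision is deterministic and testable.
    if claims.get("iss") != EXPECTED_ISSUER:
        return None, "issuer mismatch"
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list per the JWT spec
    if EXPECTED_AUDIENCE not in auds:
        return None, "audience mismatch"
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or not isinstance(iat, (int, float)):
        return None, "missing exp/iat"
    if now >= exp or now < iat:
        return None, "token expired or not yet valid"
    if exp - iat > MAX_LIFETIME_SECONDS:
        return None, "token lifetime too long"
    for rule in TRUST_RULES:  # first matching rule wins, so the stricter main-branch rule comes first
        if rule["project"] == claims.get("project") and rule["branch"] in ("*", claims.get("branch")):
            return rule["role"], "ok"
    return None, "no matching trust rule"

def make_token(claims):
    # Build a constructed, unsigned token (empty signature segment) purely for the demonstration.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}."
```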

    For details about setting up and using OpenID Connect with your preferred cloud provider, read the documentation page about connecting with OIDC.

    Start using OpenID Connect

    We are excited to offer support for OIDC, and we believe it will greatly improve the developer experience and security of our application. OpenID Connect is available on the Enterprise plan.

    Would you like to check out OpenID Connect for your organization? Feel free to contact us at support@semaphoreci.com, and we’ll be happy to help you.

    Thank you for using Semaphore!

    Written by:
    Chief Architect at Semaphore. A decade of experience in dev productivity, helping close to 50,000 organizations with operational excellence.