Document ID Token lifetimes (#433)

Closes https://github.com/google-github-actions/auth/issues/432
Seth Vargo 2024-08-06 21:28:34 -04:00 committed by GitHub
parent f112390a2d
commit 6384b341b7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -191,6 +191,10 @@ Cloud as an output for use in future steps in the workflow. These options only
apply to ID tokens generated by this action. By default, this action does not apply to ID tokens generated by this action. By default, this action does not
generate any tokens. generate any tokens.
> [!CAUTION]
>
> ID Tokens have a maximum lifetime of 10 minutes. This value cannot be changed.
- `service_account`: (Required) Email address or unique identifier of the - `service_account`: (Required) Email address or unique identifier of the
Google Cloud service account for which to generate the ID token. For Google Cloud service account for which to generate the ID token. For
example: example:
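Review bot: The new caution states the 10-minute ceiling but not what it means for a workflow that uses the token output in later steps. Consider adding one sentence on what a step should expect once the token has expired and how to obtain a fresh one, since the surrounding text describes these tokens as outputs "for use in future steps in the workflow". Minor style point: the callout writes "ID Tokens" while the paragraph directly above uses "ID tokens"; matching the existing capitalization keeps the section consistent.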
@ -333,8 +337,8 @@ In this setup, the Workload Identity Pool has direct IAM permissions on Google
Cloud resources; there are no intermediate service accounts or keys. This is Cloud resources; there are no intermediate service accounts or keys. This is
preferred since it directly authenticates GitHub Actions to Google Cloud without preferred since it directly authenticates GitHub Actions to Google Cloud without
a proxy resource. However, not all Google Cloud resources support `principalSet` a proxy resource. However, not all Google Cloud resources support `principalSet`
identities. Please see the documentation for your Google Cloud service for more identities, and the resulting token has a maximum lifetime of 10 minutes. Please
information. see the documentation for your Google Cloud service for more information.
[![Authenticate to Google Cloud from GitHub Actions with Direct Workload Identity Federation](docs/google-github-actions-auth-direct-workload-identity-federation.svg)](docs/google-github-actions-auth-direct-workload-identity-federation.svg) [![Authenticate to Google Cloud from GitHub Actions with Direct Workload Identity Federation](docs/google-github-actions-auth-direct-workload-identity-federation.svg)](docs/google-github-actions-auth-direct-workload-identity-federation.svg)
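Review bot: In the reworded sentence, "the resulting token" does not say which token is meant, and the clause is joined with "and" to the unrelated `principalSet` support limitation. As written, the following "Please see the documentation for your Google Cloud service" also appears to cover the lifetime limit, which is a property of the token rather than of the individual service. Suggest giving the lifetime its own sentence, naming the token type explicitly, and stating whether the 10-minute value is fixed here as it is in the ID token caution added in the first hunk.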