AWS is great for this. IAM policies can allow IP Addresses or more safely just named EC2 instances. Our deploy server requires nothing.
AWS is great for this. IAM policies can allow IP Addresses or more safely just named EC2 instances. Our deploy server requires nothing.
CircleCI and I believe GHA support injecting signed JWTs you can use to bootstrap identity be it an IAM role or some other platform where you can trust an OIDC issuer
> injecting signed JWTs
How is that not secrets management?
It is. Just wanted to point out these flows are also possible on CI. In my other comment, I think it's more fair to differentiate long lived vs short lived secrets