Feature Request: Ability to Pass Authentication Parameters Individually
See original GitHub issueIt would be great if this action allowed passing in the Subscription ID, Tenant ID, Client ID, and Client Secret as individual parameters instead of bundled in a single JSON object (creds
today). This would allow for easier use in pipelines that use Terraform (as it requires them split out). It would also make secret rotation easier as you don’t have to rebuilt the JSON object.
Potential syntax (as an alternative to the existing syntax):
- uses: azure/login@v1.1
with:
client_id: ${{ secrets.CLIENT_ID }}
client_secret: ${{ secrets.CLIENT_SECRET }}
subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
tenant_id: ${{ secrets.TENANTID }}
If you are open to PRs, I’d love to try this!
Issue Analytics
- State:
- Created 3 years ago
- Reactions:21
- Comments:22 (5 by maintainers)
Top Results From Across the Web
Authentication with the Report Server - Microsoft Learn
Each of the authentication types can be turned on or off individually. You can enable more than one authentication type if you want...
Read more >What is Authentication? - TechTarget
Authorization is a more granular process that validates that the authenticated user or process has been granted permission to gain access to the...
Read more >Navigating with Compose - Android Developers
Even though exposing events as individual lambda parameters could ... Navigation Compose also supports passing arguments between composable destinations.
Read more >Django Tutorial Part 8: User authentication and permissions
Django provides an authentication and authorization ... You'll be able to test the password reset functionality from the link in the login ......
Read more >Get Access Tokens - Auth0
Quickstarts are the easiest way to implement authentication. They show you how to use Universal Login and Auth0's language- and framework-specific SDKs. ·...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Here’s a proposal that might address all those questions, and is still simple for the new user; these 4 individual inputs would be for more advanced users.
creds
input works as it does now (except that it’s optional)creds_
prefix to help indicate that they are related to the creds JSON blob:creds_
input overrides the corresponding value in thecreds
JSON (if passed in by the user). This is similar to how ASP.NET Core configuration providers allow settings to be overlayed. This is actually kind of nice for some use cases, like below.In other words:
and so it just falls out that the basic simple use case still works unchanged:
I would also prefer to use individual secrets due to this potential issue as noted in the GitHub Documentation:
Any change in the tooling could potentially leak these secrets. In fact, if you try to “echo” the secret, it is not redacted by the platform. This should be documented as a risk when using the full json as a secret.