Allow OIDC to be used between 1password and GitHub Actions

[scott-doyland-burrows]

Currently a 1password token is needed to be held in GitHub Actions as below:

OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

Can OIDC integration be implemented so the token can be removed.

If OIDC is integrated then please implement like it is between AWS and GitHub Actions, where we can use wildcards for repo names and we do not need to specify a GitHub Actions environment or branch.

Please do not implement like Azure where wildcards are not possible - as this is just so limiting to have to keep adding every single repo to the OIDC config.

[florisvdg]

OIDC authentication for the GitHub action is something we're investigating! Would indeed be great if we can remove the static token per repo.

[scott-doyland-burrows]

Is there any news on how this is progressing?

[mabergstrom]

Any updates regarding this?

[scott-doyland-burrows]

OIDC between Terraform Cloud and 1password would also be really useful.

[airtonix]

two years and counting.

might have to cancel my subscription

[nie7321]

Not needing to manage and rotate dozens of service account tokens would be a huge boon.