Static credentials suck. Dynamic credentials are the bomb! You can use the token service on GitHub Actions to perform OIDC authentication with Azure AD and leverage that authentication with Terraform for deployments and state data storage. Why don't we walk through the setup process for using OIDC authentication and apply it to a GitHub repository and Azure AD tenant?
Pluralsight Cloud Happy (https://www.pluralsight.com/offer/cloud-certification)
Demystifying Azure AD Service Principals (https://nedinthecloud.com/2019/07/16/demystifying-azure-ad-service-principals/)
OIDC Azure Module (https://registry.terraform.io/modules/ned1313/github_oidc/azuread/latest)
-----------------------------------------------------------------------------------------------------
Day Two Cloud: https://daytwocloud.io
Chaos Lever: https://chaoslever.com
Website: https://nedinthecloud.com
Pluralsight: https://app.pluralsight.com/profile/author/edward-bellavance
GitHub: https://github.com/ned1313
Music by Evan Williams ©2020
Timestamps:
Intro 0:00
Why use OIDC? 1:53
The GitHub Actions OIDC Workflow 4:23
Configuring Azure AD 7:33
Configuring GitHub Actions 12:39
Running the Workflows 19:17
Trying it yourself 24:04
Summary 26:00