OIDC Integrations

OIDC is a protocol for authenticating users between systems. Spiral integrates with several OIDC providers to allow users to authenticate more easily when accessing projects from those systems.

Please contact us if you require an integration with a specific OIDC provider.

AWS

Coming soon.

GCP

GCP service accounts can be granted access to Spiral projects using the Spiral CLI:

spiral projects grant blazing-parakeet-036267 --role editor --gcp <service_account_email>/<unique_id>

A unique ID is a permanent identifier for the service account; see the service account docs.

Your code must be running on one of the following Google Cloud services in order to access the project:

  • Compute Engine
  • App Engine standard environment
  • App Engine flexible environment
  • Cloud Run
  • Cloud Run functions
  • Google Kubernetes Engine
  • Cloud Build

For more information on GCP OIDC, see the GCP ID token docs.

Modal

Modal apps and functions can be granted access to Spiral projects using the Spiral CLI:

spiral projects grant blazing-parakeet-036267 --role editor --modal <workspace_id>/<environment_name>

The Modal identity token contains the following claims: workspace_id, environment_id, environment_name, app_id, app_name, function_id, function_name, container_id. These claims can be used as grant conditions.

For more information on these claims, see Understanding your OIDC claims.

To pass conditions to the grant, use the --conditions flag, e.g. --conditions "app_name=<app_name>".

Please contact us if you require grant conditions.

For more information on Modal OIDC, see the Modal docs.

GitHub

GitHub Actions can be granted access to Spiral projects using the Spiral CLI:

spiral projects grant blazing-parakeet-036267 --role editor --github <org>/<repo>

The GitHub Actions identity token contains the following claims: environment, ref, sha, repository, repository_owner, actor_id, repository_visibility, repository_id, repository_owner_id, run_id, run_number, run_attempt, runner_environment, actor, workflow, head_ref, base_ref, event_name, ref_type, job_workflow_ref. These claims can be used as grant conditions. For more information on these claims, see Understanding the OIDC token.

To pass conditions to the grant, use the --conditions flag, e.g. --conditions "ref=develop".

Please contact us if you require grant conditions.

For more information on GitHub Actions OIDC, see the GitHub Actions docs.
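
Before writing a grant condition for a Modal or GitHub Actions token, it helps to look at the claim values the token actually carries. The Python below is an added example, not part of Spiral's documentation or code: it decodes a constructed token payload and dry-runs key=value conditions against it. The exact-match semantics, the sample values, and the names token_claims and unmet_conditions are assumptions, not Spiral's behavior.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: claim names are from the list above, values are made up.
SAMPLE_CLAIMS = {
    "repository": "example-org/example-repo",
    "repository_owner": "example-org",
    "event_name": "pull_request",
    "workflow": "ci",
    "runner_environment": "github-hosted",
}
# Unsigned stand-in for a real identity token (header.payload.signature).
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                         _b64url(SAMPLE_CLAIMS), "c2ln"])


def token_claims(jwt: str) -> dict:
    """Decode the payload for inspection only. The signature is NOT verified,
    so never base an access decision on this output."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def unmet_conditions(claims: dict, conditions: list[str]) -> list[str]:
    """Return the key=value conditions the claims fail.
    Assumption: exact, case-sensitive string equality; a missing claim fails."""
    unmet = []
    for cond in conditions:
        key, sep, expected = cond.partition("=")
        if not key or not sep:
            raise ValueError(f"not in key=value form: {cond!r}")
        if key not in claims or str(claims[key]) != expected:
            unmet.append(cond)
    return unmet


if __name__ == "__main__":
    claims = token_claims(SAMPLE_TOKEN)
    for name in sorted(claims):
        print(f"{name}={claims[name]}")
    # A repository-only check passes for this pull_request run; adding
    # event_name=push or a missing claim (environment) makes it fail.
    print(unmet_conditions(claims, ["repository=example-org/example-repo"]))
    print(unmet_conditions(claims, ["event_name=push", "environment=production"]))
```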
