Secretless CI - CI/CD Glossary Definition
Secretless CI removes the stored secret entirely, so there is nothing static to leak or rotate.
Secretless CI is a pipeline design where no long-lived secrets are stored in the repository or CI settings; every credential is minted at runtime through federated identity.
It relies on OIDC federation and short-lived credentials to authenticate to clouds and registries, leaving only trust policies to manage instead of key material.
Related guides
OIDC Federation (CI to Cloud) - CI/CD Glossary DefinitionOIDC Federation (CI to Cloud): OIDC federation lets a CI workflow present a signed identity token to a cloud…
Short-Lived Credentials - CI/CD Glossary DefinitionShort-Lived Credentials: Short-lived credentials are access tokens that expire minutes after issue, so a leak…
Workload Identity - CI/CD Glossary DefinitionWorkload Identity: Workload identity is the practice of giving an automated workload (a CI job, service, or p…