Skip to content
Latchkey

Workload Identity - CI/CD Glossary Definition

Workload identity is the broad pattern of giving a running workload (a CI job, a pod, a function) its own verifiable identity so it can obtain credentials without an embedded secret. GCP Workload Identity Federation and Azure workload identity are named implementations.

How it differs from a service account key

A static service-account key is a secret that can leak and rarely rotates. Workload identity issues short-lived tokens bound to the actual workload, so there is no long-lived credential to steal.

In CI

GitHub Actions OIDC tokens are federated to a cloud workload identity so a deploy job assumes a role for the duration of the run only.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →