Skip to content
Latchkey

Workload Identity - CI/CD Glossary Definition

Workload identity lets a running workload authenticate to a cloud API using its own verifiable identity (often an OIDC token) instead of a stored service-account key.

How it removes keys

The cloud provider trusts the workload's OIDC issuer and, on presenting a valid token, mints short-lived credentials. No long-lived key file exists to leak.

In CI/CD

Latchkey and GitHub Actions runners use workload identity via OIDC so a job authenticates to AWS, GCP, or Azure without any static secret.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →