Workload Identity - CI/CD Glossary Definition
Workload identity lets a running workload authenticate to a cloud API using its own verifiable identity (often an OIDC token) instead of a stored service-account key.
How it removes keys
The cloud provider trusts the workload's OIDC issuer and, on presenting a valid token, mints short-lived credentials. No long-lived key file exists to leak.
In CI/CD
Latchkey and GitHub Actions runners use workload identity via OIDC so a job authenticates to AWS, GCP, or Azure without any static secret.
Related guides
OpenID Connect - CI/CD Glossary DefinitionOpenID Connect: OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0 that issues a signed ID…
Federated Identity - CI/CD Glossary DefinitionFederated Identity: Federated identity lets one system trust identities issued by another, so a token from a…
Service Account - CI/CD Glossary DefinitionService Account: A service account is a non-human identity used by an application or automation to authentica…