GitHub Repository

A tiny SSH CA for CI/CD and ssh ops — issues short-lived SSH certificates from GitHub Actions OIDC. No long-lived keys in secrets.

0 stars · Go

Oidc-SSH-ca – Issues short-lived SSH certs for GitHub Actions via OIDC

by atsuoishimoto · Jun 14, 2026 · 1 point · 0 comments

AI Analysis

●● Solid · Solve My Problem · Ship It

OIDC-signed SSH certs for GitHub Actions without the complexity of Vault or Teleport.

Strengths
  • Forced commands based on OIDC claims restrict workflow permissions very tightly.
  • Single static Go binary with no runtime dependencies simplifies deployment.
  • Audit logging ties every SSH session to specific GitHub workflow runs.
Weaknesses
  • Only supports GitHub Actions OIDC, excluding GitLab or other providers.
  • Lacks the broader identity management features found in Vault or Teleport.
Category
Target Audience

DevOps engineers and platform teams managing CI/CD security

Similar To

smallstep step-ca · HashiCorp Vault · Teleport
