Commit 90120e7

brettfo, Nishnha, Copilot and jc-clark authored
provide examples for all OIDC providers (#59570)
Co-authored-by: Nish Sinha <nishnha@github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
1 parent 473aa11 commit 90120e7

1 file changed

Lines changed: 45 additions & 1 deletion

content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md

@@ -136,7 +136,51 @@ With OIDC-based authentication, {% data variables.product.prodname_dependabot %}
136136
* Azure DevOps Artifacts
137137
* JFrog Artifactory
138138

139-
To configure OIDC authentication, you need to specify `tenant-id` and `client-id` instead of `username` and `password` in your registry configuration.
139+
To configure OIDC authentication, you need to specify different values instead of `username` and `password` in your registry configuration.
140+
141+
### AWS CodeArtifact
142+
143+
AWS CodeArtifact requires the values `aws-region`, `account-id`, `role-name`, `domain`, and `domain-owner`. The `audience` field is optional.
144+
145+
```yaml
146+
registries:
147+
my-aws-codeartifact-feed:
148+
type: npm-registry
149+
url: https://MY_DOMAIN-MY-ACCOUNT_ID.d.codeartifact.REGION.amazonaws.com/npm/MY_REPOSITORY/
150+
aws-region: REGION
151+
account-id: '123456789012'
152+
role-name: MY_ROLE_NAME
153+
domain: MY_DOMAIN
154+
domain-owner: '987654321098'
155+
audience: MY_AUDIENCE # if required by your feed
156+
```
157+
158+
### Azure DevOps Artifacts
159+
160+
Azure DevOps Artifacts requires the values `tenant-id` and `client-id`:
161+
162+
```yaml
163+
registries:
164+
my-azure-devops-artifacts-feed:
165+
type: npm-registry
166+
url: https://pkgs.dev.azure.com/MY-ORGANIZATION/MY-PROJECT/_packaging/MY-FEED/npm/registry/
167+
tenant-id: {% raw %}${{ secrets.AZURE_TENANT_ID }}{% endraw %}
168+
client-id: {% raw %}${{ secrets.AZURE_CLIENT_ID }}{% endraw %}
169+
```
170+
171+
### JFrog Artifactory
172+
173+
JFrog Artifactory requires the values `url` and `jfrog-oidc-provider-name`. The values `audience` and `identity-mapping-name` are optional:
174+
175+
```yaml
176+
registries:
177+
my-jfrog-artifactory-feed:
178+
type: npm-registry
179+
url: https://JFROG-PLATFORM-URL/artifactory/api/npm/MY-REPOSITORY
180+
jfrog-oidc-provider-name: MY-PROVIDER
181+
audience: MY-AUDIENCE # if required by your feed
182+
identity-mapping-name: MY-IDENTITY-MAPPING # if required by your feed
183+
```
140184

141185
For more information about how OIDC works, see [AUTOTITLE](/actions/concepts/security/openid-connect).
142186

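Review bot: In the AWS CodeArtifact example, the `url` placeholder `MY_DOMAIN-MY-ACCOUNT_ID` is ambiguous, because the same block sets `account-id: '123456789012'` and `domain-owner: '987654321098'` to different accounts. CodeArtifact endpoint hostnames embed the domain owner's account ID, so name the placeholder accordingly (for example `MY_DOMAIN-DOMAIN_OWNER_ID`) and state in the prose which account `account-id` and `role-name` refer to. The placeholder also mixes a hyphen and an underscore (`MY-ACCOUNT_ID`), and the three examples use different placeholder styles (`MY_ROLE_NAME` vs `MY-PROVIDER`). Smaller points: the rewritten intro sentence ("specify different values") no longer tells the reader anything concrete, so "provider-specific values" would read better. `audience` is described as optional for AWS and JFrog without saying what is sent when it is omitted, which readers need in order to pin the audience in the role trust policy or identity mapping on the provider side. The Azure example reads its IDs from `secrets.*` while the AWS example inlines account IDs, so a sentence on whether both forms are accepted for each provider would avoid confusion.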