HashiCorp Cloud Platform
hcp iam workload-identity-providers
Command: hcp iam workload-identity-providers
The hcp iam workload-identity-providers command group lets you create and manage Workload Identity Providers.
Creating a workload identity provider creates a trust relationship between HCP and an external identity provider. Once created, a workload can exchange its external identity token for an HCP access token.
HCP supports federating with AWS or any OIDC identity provider. This allows exchanging identity credentials for workloads running on AWS, GCP, Azure, GitHub Actions, Kubernetes, and more for an HCP Service Principal access token without having to store service principal credentials.
To make exchanging external credentials as easy as possible, create a credential file using hcp iam workload-identity-providers create-cred-file after creating your provider.
The credential file contains details on how to source the external identity token and exchange it for an HCP access token. The hcp CLI can be authenticated using a credential file by running hcp auth login --cred-file.
For programmatic access, the HCP Go SDK can be used and authenticated using a credential file.
Usage
$ hcp iam workload-identity-providers <command> [Optional Flags]
Aliases
wips. For example: hcp iam wips <command>
Commands
create-aws - Create an AWS Workload Identity Provider.
create-oidc - Create an OIDC Workload Identity Provider.
create-cred-file - Create a credential file.
delete - Delete a workload identity provider.
list - List workload identity providers.
read - Show metadata about a workload identity provider.