DevTech Deep Dive

Azure DevOps Secretless CI/CD via Workload Identity Federation

Key Questions

What is Azure DevOps Secretless CI/CD via Workload Identity Federation?

Instead of storing a service principal client secret or certificate in the Azure DevOps service connection, the pipeline presents a short-lived OIDC token that Microsoft Entra ID exchanges for an access token under a federated identity credential. The coverage applies this to the AzDO CLI and to AWS CodePipeline, and uses the resulting identities for artifact signing and Terraform-based deployments, so no long-lived credential sits in the pipeline to leak, expire or rotate.
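The exchange above only succeeds when the incoming OIDC token's claims match the federated identity credential configured on the Entra application. The following Python is an added illustration, not code from the page or from Microsoft: it builds constructed tokens with placeholder signatures and runs the claim binding (issuer, subject, audience, expiry) that gates the exchange. The issuer and subject formats follow the shape Azure DevOps documents for workload identity federation (vstoken.dev.azure.com/<orgId> and sc://<org>/<project>/<serviceConnection>), but the organization id, org, project and service connection names are assumptions, and real verification also checks the token signature against the issuer's published keys, which this block deliberately skips.

```python
# Added example (not from the page or from Microsoft): the claim matching a
# federated identity credential performs on an incoming OIDC token before
# Entra ID will exchange it for an access token. Signature verification
# against the issuer's JWKS is out of scope; only the claim binding is shown.
import base64
import json
from dataclasses import dataclass

# Illustrative values. The issuer/subject shapes follow the pattern Azure
# DevOps documents for workload identity federation, but the org id, org,
# project and service connection names here are made up.
AZDO_ISSUER = "https://vstoken.dev.azure.com/0f3a1c2e-0000-4000-8000-000000000001"
PROD_SUBJECT = "sc://contoso/payments/prod-deploy"


@dataclass(frozen=True)
class FederatedCredential:
    """The three fields configured on an Entra app's federated identity credential."""
    issuer: str
    subject: str
    audiences: tuple = ("api://AzureADTokenExchange",)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_constructed_token(claims: dict) -> str:
    """Build a compact JWS with a placeholder signature, for offline demonstration only."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def exchange_denials(cred: FederatedCredential, token: str, now: int) -> list:
    """Return the reasons the exchange would be refused; an empty list means accepted."""
    claims = decode_claims(token)
    reasons = []
    if claims.get("iss") != cred.issuer:
        reasons.append("issuer mismatch")
    if claims.get("sub") != cred.subject:  # exact match: one credential, one service connection
        reasons.append("subject mismatch")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if not any(a in cred.audiences for a in aud_list):
        reasons.append("audience mismatch")
    if int(claims.get("exp", 0)) <= now:
        reasons.append("token expired")
    return reasons


NOW = 1_780_000_000  # fixed clock so the run is reproducible
PROD_CRED = FederatedCredential(issuer=AZDO_ISSUER, subject=PROD_SUBJECT)


def base_claims(sub: str, iss: str = AZDO_ISSUER, exp: int = NOW + 600) -> dict:
    return {"iss": iss, "sub": sub, "aud": "api://AzureADTokenExchange", "exp": exp}


# Constructed sample tokens: the bound service connection, a sibling
# connection in another project, a GitHub Actions token, and an expired one.
PROD_TOKEN = make_constructed_token(base_claims(PROD_SUBJECT))
SANDBOX_TOKEN = make_constructed_token(base_claims("sc://contoso/sandbox/dev-deploy"))
GITHUB_TOKEN = make_constructed_token(
    base_claims("repo:contoso/payments:ref:refs/heads/main",
                iss="https://token.actions.githubusercontent.com"))
STALE_TOKEN = make_constructed_token(base_claims(PROD_SUBJECT, exp=NOW - 1))

if __name__ == "__main__":
    for name, tok in [("prod", PROD_TOKEN), ("sandbox", SANDBOX_TOKEN),
                      ("github", GITHUB_TOKEN), ("stale", STALE_TOKEN)]:
        denials = exchange_denials(PROD_CRED, tok, NOW)
        print(f"{name:8s} -> {'accepted' if not denials else ', '.join(denials)}")
```

The point to take from the run is the subject check: because the credential names exactly one service connection, a token minted for any other pipeline in the same organization, or for a GitHub workflow, is refused even though it carries the right audience. That exact binding is what replaces the secret, so keep one federated credential per service connection rather than reusing an identity across projects.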

How does Azure support artifact signing in pipelines?

Azure Pipelines integrate with PowerShell, Azure Trusted Signing, SignTool and tj-actions for artifact signing, with batch signing supported via DigiCert KeyLocker. With Trusted Signing the private key stays inside the service, so the pipeline never holds a signing certificate, only the identity authorized to call the signing endpoint, which is what makes the signing step fit the secretless model.

What is the purpose of public trust test profiles in Azure signing?

Azure Trusted Signing offers a Public Trust Test certificate profile alongside the production Public Trust profile. Certificates issued under the test profile chain to a root that Windows does not trust by default, so a test build can exercise the whole signing step during inner-loop development without consuming a production certificate and without producing a signature that would ever validate as a release. Keep the two profiles on separate identities and pipelines so a test run cannot reach the production profile.

Topics covered:

- OIDC tokens and workload identity federation for the AzDO CLI and AWS CodePipeline
- Artifact signing with tj-actions/artifact-signing, PowerShell, Azure Trusted Signing and SignTool
- Terraform three-tier deployments; Postman and ACR
- Azure Pipelines triggers for CI, scheduled and gated orchestration
- AWS Lambda code signing with Terraform and automated signature validation
- New Q&A on Azure Artifact Signing trust profiles: Public Trust Test versus Public Trust for inner-loop development, reducing certificate waste and exposure

Updated Jun 12, 2026