Show HN: Oidc-SSH-ca – Issues short-lived SSH certs for GitHub Actions via OIDC
Category: security
Tags: ssh, certificate-authority, oidc, github-actions, security
Score: 7.5/10 (Innovation: 7, Technical: 7, Documentation: 9, Utility: 7)
oidc-ssh-ca is a lightweight SSH certificate authority that issues short-lived OpenSSH certificates to GitHub Actions workflows that authenticate with OIDC tokens, replacing long-lived SSH keys with ephemeral, policy-controlled access. It combines OIDC authentication with SSH CA infrastructure in a focused, deployable tool, with strong documentation and practical deployment options. Its innovation lies in making workflow identity the unit of SSH authorization, which solves a concrete security pain point for CI/CD pipelines.
Target audience: devops, platform engineers, security engineers
Repository: https://github.com/atsuoishimoto/oidc-ssh-ca · Go · MIT