GitHub Actions OIDC身份联合到云：短期凭证与安全发布

YBB 1 阅读 0 评论 0 点赞

GitHub Actions OIDC身份联合到云：短期凭证与安全发布概览OIDC 联合允许工作流在运行时与云 IAM 建立信任，获取短期凭证，无需存储长期密钥。技术参数（已验证）AWS：通过 IAM 角色的信任策略绑定 OIDC 提供者与条件（仓库/分支），工作流请求 `AssumeRoleWithWebIdentity`。GCP：Workload Identity Pool 将 OIDC 声明映射到服务账号，颁发短期令牌。安全：限制发行条件与最小权限，记录审计事件与到期。实战清单按环境与仓库维度配置信任策略；最小权限授予角色。在工作流中缓存最小化并显式失效，避免泄露。

点赞(0) 打赏

本文分类：Recovered Channel 1273
本文标签：工程实践安全 OIDC AWS IAM "GCP WorkloadIdentity 短期凭证
浏览次数：1 次浏览
发布日期：2026-02-12 23:43:16
本文链接：http://ybb.ybb.press/recovered-1273/1277.html

上一篇 > GitHub Actions OIDC联邦云部署：临时凭证与权限最小化
下一篇 > GitHub Actions可复用工作流与Monorepo CI实践

评论列表共有 0 条评论

暂无评论

发表评论取消回复

微信公众账号

微信扫一扫加关注

发表
评论返回
顶部

基本文件流程错误 SQL 调试

/www/wwwroot/yebinbing/public/index.php ( 0.88 KB )
/www/wwwroot/yebinbing/thinkphp/start.php ( 0.72 KB )
/www/wwwroot/yebinbing/thinkphp/base.php ( 2.60 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Loader.php ( 21.07 KB )
/www/wwwroot/yebinbing/vendor/composer/autoload_static.php ( 10.49 KB )
/www/wwwroot/yebinbing/vendor/symfony/deprecation-contracts/function.php ( 0.98 KB )
/www/wwwroot/yebinbing/vendor/symfony/polyfill-php80/bootstrap.php ( 1.50 KB )
/www/wwwroot/yebinbing/vendor/symfony/polyfill-mbstring/bootstrap.php ( 8.26 KB )
/www/wwwroot/yebinbing/vendor/ralouphie/getallheaders/src/getallheaders.php ( 1.60 KB )
/www/wwwroot/yebinbing/vendor/guzzlehttp/guzzle/src/functions_include.php ( 0.16 KB )
/www/wwwroot/yebinbing/vendor/guzzlehttp/guzzle/src/functions.php ( 5.54 KB )
/www/wwwroot/yebinbing/vendor/symfony/polyfill-php73/bootstrap.php ( 0.99 KB )
/www/wwwroot/yebinbing/vendor/ezyang/htmlpurifier/library/HTMLPurifier.composer.php ( 0.10 KB )
/www/wwwroot/yebinbing/vendor/topthink/think-helper/src/helper.php ( 2.88 KB )
/www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/common.php ( 15.67 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Route.php ( 60.23 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Config.php ( 6.38 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Hook.php ( 4.71 KB )
/www/wwwroot/yebinbing/vendor/overtrue/wechat/src/Kernel/Support/Helpers.php ( 2.54 KB )
/www/wwwroot/yebinbing/vendor/overtrue/wechat/src/Kernel/Helpers.php ( 1.89 KB )
/www/wwwroot/yebinbing/vendor/topthink/think-captcha/src/helper.php ( 1.94 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Validate.php ( 42.78 KB )
/www/wwwroot/yebinbing/vendor/topthink/think-queue/src/common.php ( 1.19 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Console.php ( 23.13 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Error.php ( 3.75 KB )
/www/wwwroot/yebinbing/thinkphp/convention.php ( 10.37 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/App.php ( 21.58 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Request.php ( 49.78 KB )
/www/wwwroot/yebinbing/application/config.php ( 11.96 KB )
/www/wwwroot/yebinbing/application/database.php ( 2.25 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Env.php ( 1.21 KB )
/www/wwwroot/yebinbing/application/extra/addons.php ( 1.20 KB )
/www/wwwroot/yebinbing/application/extra/apibbj.php ( 0.86 KB )
/www/wwwroot/yebinbing/application/extra/queue.php ( 0.55 KB )
/www/wwwroot/yebinbing/application/extra/site.php ( 0.89 KB )
/www/wwwroot/yebinbing/application/extra/upload.php ( 1.05 KB )
/www/wwwroot/yebinbing/application/tags.php ( 1.23 KB )
/www/wwwroot/yebinbing/application/common.php ( 15.57 KB )
/www/wwwroot/yebinbing/thinkphp/helper.php ( 17.30 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Debug.php ( 7.13 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Log.php ( 6.05 KB )
/www/wwwroot/yebinbing/addons/cms/Cms.php ( 6.48 KB )
/www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/Addons.php ( 7.64 KB )
/www/wwwroot/yebinbing/addons/signin/Signin.php ( 2.24 KB )
/www/wwwroot/yebinbing/addons/cropper/Cropper.php ( 0.65 KB )
/www/wwwroot/yebinbing/addons/nkeditor/Nkeditor.php ( 1.35 KB )
/www/wwwroot/yebinbing/addons/prism/Prism.php ( 2.04 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Cache.php ( 6.10 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/cache/driver/File.php ( 7.27 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/cache/Driver.php ( 5.98 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/View.php ( 6.77 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/view/driver/Think.php ( 5.64 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Template.php ( 44.92 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/template/driver/File.php ( 2.24 KB )
/www/wwwroot/yebinbing/addons/cms/config.php ( 28.14 KB )
/www/wwwroot/yebinbing/application/common/behavior/Common.php ( 3.02 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Lang.php ( 7.42 KB )
/www/wwwroot/yebinbing/thinkphp/lang/zh-cn.php ( 11.81 KB )
/www/wwwroot/yebinbing/application/route.php ( 1.08 KB )
/www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/addons/Route.php ( 3.35 KB )
/www/wwwroot/yebinbing/application/common/lang/zh-cn/addon.php ( 6.09 KB )
/www/wwwroot/yebinbing/extend/fast/Form.php ( 39.79 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/config/driver/Ini.php ( 0.83 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Url.php ( 12.72 KB )
/www/wwwroot/yebinbing/addons/cms/controller/Archives.php ( 5.85 KB )
/www/wwwroot/yebinbing/addons/cms/controller/Base.php ( 3.75 KB )
/www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/addons/Controller.php ( 7.08 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Controller.php ( 6.07 KB )
/www/wwwroot/yebinbing/thinkphp/library/traits/controller/Jump.php ( 4.92 KB )
/www/wwwroot/yebinbing/addons/cms/lang/zh-cn.php ( 5.58 KB )
/www/wwwroot/yebinbing/application/common/library/Auth.php ( 15.50 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Cookie.php ( 8.17 KB )
/www/wwwroot/yebinbing/application/common/model/Config.php ( 6.71 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Model.php ( 69.55 KB )
/www/wwwroot/yebinbing/addons/cms/library/Service.php ( 28.97 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Db.php ( 6.67 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/connector/Mysql.php ( 3.89 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/Connection.php ( 29.97 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/Query.php ( 93.80 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/builder/Mysql.php ( 4.53 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/Builder.php ( 31.81 KB )
/www/wwwroot/yebinbing/addons/cms/model/Archives.php ( 22.89 KB )
/www/wwwroot/yebinbing/thinkphp/library/traits/model/SoftDelete.php ( 4.86 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/model/relation/BelongsTo.php ( 7.75 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/model/relation/OneToOne.php ( 10.03 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/model/Relation.php ( 3.61 KB )
/www/wwwroot/yebinbing/addons/cms/model/Channel.php ( 19.14 KB )
/www/wwwroot/yebinbing/addons/cms/model/Modelx.php ( 1.97 KB )
/www/wwwroot/yebinbing/addons/cms/model/Fields.php ( 3.46 KB )
/www/wwwroot/yebinbing/addons/cms/model/SpiderLog.php ( 1.75 KB )
/www/wwwroot/yebinbing/addons/cms/model/Tag.php ( 6.98 KB )
/www/wwwroot/yebinbing/addons/cms/model/Autolink.php ( 0.57 KB )
/www/wwwroot/yebinbing/application/common/model/User.php ( 4.22 KB )
/www/wwwroot/yebinbing/runtime/temp/388d6f0b5bff3196cdb77891cfa4196c.php ( 32.66 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Session.php ( 10.86 KB )
/www/wwwroot/yebinbing/extend/fast/Tree.php ( 15.55 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/model/Collection.php ( 2.27 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Collection.php ( 11.10 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/db/Expression.php ( 1.11 KB )
/www/wwwroot/yebinbing/addons/cms/model/Comment.php ( 9.37 KB )
/www/wwwroot/yebinbing/addons/cms/library/Bootstrap.php ( 5.49 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Paginator.php ( 9.94 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/Response.php ( 8.28 KB )
/www/wwwroot/yebinbing/thinkphp/library/think/debug/Html.php ( 4.17 KB )

[ BEHAVIOR ] Run Closure @app_init [ RunTime:0.000097s ]
[ CACHE ] INIT File
[ BEHAVIOR ] Run \addons\cms\Cms @app_init [ RunTime:0.009297s ]
[ BEHAVIOR ] Run Closure @app_init [ RunTime:0.009427s ]
[ BEHAVIOR ] Run app\common\behavior\Common @app_init [ RunTime:0.001481s ]
[ LANG ] /www/wwwroot/yebinbing/thinkphp/lang/zh-cn.php
[ BEHAVIOR ] Run app\common\behavior\Common @app_dispatch [ RunTime:0.000135s ]
[ ROUTE ] array ( 'type' => 'method', 'method' => array ( 0 => '\\think\\addons\\Route', 1 => 'execute', ), 'var' => array ( 'addon' => 'cms', 'controller' => 'archives', 'action' => 'index', ), )
[ HEADER ] array ( 'cf-visitor' => '{"scheme":"https"}', 'cf-ipcountry' => 'US', 'cf-connecting-ip' => '216.73.216.35', 'cdn-loop' => 'cloudflare; loops=1', 'cf-ray' => '9cee1f33296f7f3b-CMH', 'accept-encoding' => 'gzip, br', 'cookie' => 'PHPSESSID=uk7r01hs9ojsladq9lf4bsrjsq', 'accept' => '*/*', 'user-agent' => 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; [email protected])', 'connection' => 'close', 'remote-host' => '104.23.243.8', 'x-forwarded-port' => '80', 'x-forwarded-host' => 'www.ybb.press', 'x-forwarded-proto' => 'http', 'x-forwarded-for' => '216.73.216.35, 104.23.243.8', 'x-real-port' => '11590', 'x-real-ip' => '104.23.243.8', 'host' => 'ybb.ybb.press', 'content-length' => '', 'content-type' => '', )
[ PARAM ] array ( 'catename' => 'recovered-1273', 'id' => '1277', )
[ RUN ] think\addons\Route->execute[ /www/wwwroot/yebinbing/vendor/fastadminnet/fastadmin-addons/src/addons/Route.php ]
[ LANG ] /www/wwwroot/yebinbing/public/../application/common/lang/zh-cn/addon.php
[ BEHAVIOR ] Run app\common\behavior\Common @addon_begin [ RunTime:0.004509s ]
[ LANG ] /www/wwwroot/yebinbing/addons/cms/lang/zh-cn.php
[ DB ] INIT mysql
[ VIEW ] /www/wwwroot/yebinbing/addons/cms/view/default/show_news.html [ array ( 0 => 'config', 1 => 'user', 2 => 'site', 3 => '__CHANNEL__', 4 => 'isWechat', 5 => '__ARCHIVES__', 6 => '__MODEL__', ) ]
[ SESSION ] INIT array ( 'id' => '', 'var_session_id' => '', 'prefix' => 'think', 'type' => '', 'auto_start' => true, )
[ BEHAVIOR ] Run \addons\cms\Cms @view_filter [ RunTime:0.000391s ]

1.812564s

ShowPageTrace