OIDC with Buildkite

An Open ID Connect (OIDC) token is a signed JSON Web Token (JWT) provided by the Buildkite Agent containing information about the pipeline and job, including the pipeline and organisation slugs, as well as job-specific data, such as the branch, the commit SHA, the job ID, and the agent ID.

The Buildkite Agent's oidc command allows you to request an OIDC token representing the current job. These tokens can then be exchanged on federated systems like AWS for authenticated role-based access with specific permissions to interact with your cloud environments.

This section of the Buildkite Docs covers Buildkite's OIDC implementation with other federated systems, such as AWS.