This service facilitates the exchange of OpenID Connect (OIDC) identity tokens from various issuers (e.g., GitHub Actions, Kubernetes, AWS, Azure, GCP, HashiCorp Vault) for short-lived (1 hour) GitHub access tokens with limited scopes. This enables credential-less authentication to GitHub, eliminating the need to manually manage and rotate access tokens. Additionally, it provides a secure method for consuming GitHub resources.

Tokens are generated by a central GitHub App, based on configuration settings like issuer, claims, subject, allowed repositories, and allowed permissions.

Learn more how to use it at https://github.tools.sap/kubernetes/github-oidc-federation