Federated Credential to be used by Multiple Repositories - Github Actions
I'm using Github Actions to build my Android applications. I have fifteen repositories in my organisation. In order to build each of these application, I need to access secrets which are kept in Azure Key Vault. I am trying to authenticate using OIDC based on this Github Action
The subject identifier field needs to be populated based on the GH account, repo name and branch name.
I need to make this credential usable for all the 15 applications. Else I will end up creating federated credential for each project repository and adding the same to github repo level. This is not an efficient way. I would like to create just one credential and set this at github organisation level, so all 15 apps GH actions pipeline can consume. Does anyone know if this is possible, if yes, how?
Unfortunately, The secrets needs to be created at the repository level to use them in Action. And you need to configure the federated credentials for each repository and branch separate in the subject like below:-
Script:-
az ad app federated-credential create --id <APPLICATION-OBJECT-ID> --parameters credential.json
("credential.json" contains the following content)
{
"name": "<CREDENTIAL-NAME>",
"issuer": "https://token.actions.githubusercontent.com",
"subject": "repo:octo-org/octo-repo:environment:Production",
"description": "Testing",
"audiences": [
"api://AzureADTokenExchange"
]
}
Command Reference:-
Connect GitHub and Azure | Microsoft Learn
You can create one federated credentials and then just change the value of repository and branch before running the workflow in your repository.
And then run the github action workflow to build and deploy your web app.
- How to configure backend application on Container Apps
- WebJob is stopping due to website shutting down
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages
- Adding custom headers to Azure Functions response
- Azure Queue Trigger is hit but not executing the logic inside of it
- az cli not showing redisenterprise keys
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- Azure Devops Server Pipelines: Any way to have a Stage result as "Succeeded" even if a constituent Job reported "SucceededWithIssues"?
- YAML strings including special characters % and & were not printed correctly for Windows environment
- Azure function returns error: No job functions found. Try making your job classes and methods public
- How to view Oldest Query results in Azure Monitor Metrics for an Azure PostgreSQL Flex Server instance
- Authenticate to Azure with certificate from Linux
- What are the minimum Azure permissions required to publish a Power BI report using "App Owns the Data"?
- How to report an Azure Text-to-Speech bug?
- Refresh an Azure search index
- Best way to clean up resources in StatefulService