Customer Feedback and Questions: Update CI_JOB_JWT_V2 to support OIDC cloud providers for deployment hardening

This issue is for general feedback from customer using the new alpha implementation of CI_JOB_JWT_V2.

Documentation

OIDC Overview with GitLab: https://docs.gitlab.com/ee/ci/cloud_services/
Configure OIDC with AWS: https://docs.gitlab.com/ee/ci/cloud_services/aws/
Repository example: https://gitlab.com/guided-explorations/aws/configure-openid-connect-in-aws

Provider Specific

Vault
AWS
GCP

Policy setup

Per Branch
Per Group
Per Project

Context:

Our current CI_JOB_JWT implementation is limited to Vault. @bdowney and contributors have drafted an MR for CI_JOB_JWT_V2 which adds OIDC support for AWS and other cloud providers. This allows customers to use temporary credentials from cloud providers without storing secrets in their GitLab projects.

Edited Jan 05, 2022 by Joe Randazzo