Apply better authentication mechanisms (OIDC) to audit streaming between cloud providers and GitLab

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Problem

We currently do not have a way to authenticate streaming audit events between cloud providers and GitLab. This could be valuable to implement for audit streaming, as by establishing a way to authenticate streaming audit events between cloud providers and GitLab, users would not need to store their cloud credentials in GitLab and, as a result, reduce credential leaks

Solution

Explore whether we should use OpenID Connect (OIDC) to create a trust between a cloud provider and GitLab, which is already used in some places in GitLab, including:

CI/CD Jobs
GCP integration; and
GCP secrets manager

Edited Aug 04, 2025 by 🤖 GitLab Bot 🤖