Authentication
Atmos Pro uses GitHub's OpenID Connect (OIDC) to securely authenticate workflows—no API keys or static secrets required.
Atmos Pro doesn't use traditional API keys or static tokens. Instead, it integrates natively with GitHub's OpenID Connect (OIDC). This means your existing GitHub Actions workflows can authenticate securely with Atmos Pro without needing to set any long-lived tokens.
With Atmos Pro Authentication, you get:
Seamless integration with GitHub OIDC
No more long-lived credentials to manage
Enhanced security with short-lived tokens
Automated and secure authentication for CI/CD
When you run the Atmos CLI inside a GitHub Actions workflow, the workflow itself requests a short-lived OIDC (OpenID Connect) token from GitHub. The Atmos CLI then uses this token to securely authenticate with Atmos Pro—no extra manual steps or custom GitHub Actions are needed.
- Atmos Pro doesn't directly request tokens. Instead, the GitHub Actions workflow gets an OIDC token from GitHub, and the Atmos CLI handles exchanging that token for access to Atmos Pro.
- This means you don't have to manage long-lived secrets or tokens. The authentication is handled automatically and securely each time your workflow runs.
- For accessing GitHub repositories, Atmos Pro uses the standard GitHub App authentication flow—nothing custom or unusual there.
In short:
If you're running Atmos CLI in GitHub Actions, authentication with Atmos Pro is handled for you using GitHub's built-in OIDC support. You don't need to set up any extra steps or secrets.
This guide provides an overview of how authentication works in Atmos Pro and how to configure it for your projects.
Ready to configure authentication?
Visit the GitHub configuration page to get started.