Currently, Spacelift's OIDC API Key feature requires the OIDC provider JWKS endpoint to be publicly reachable (or reachable from Spacelift's egress IPs), because token validation is performed server-side by the Spacelift control plane.
This blocks adoption when operating in fully private or air-gapped environments where exposing the JWKS endpoint externally is not permitted by security policy.
Requested behaviour: Provide a mechanism to route OIDC JWKS validation through a private worker pool or VCS agent, so users can use OIDC API Keys without requiring a publicly accessible OIDC endpoint.
In Review
Feature Requests
About 2 hours ago