We're excited to announce that our integration with CircleCI just got even better! We have rolled out the ability to directly integrate with CircleCI OIDC via trust relationships.
You can now configure a trust relationship in Depot that allows your CircleCI jobs to access your project via a token exchange. So now, rather than having to embed a project token in your CircleCI environment, you can dynamically exchange tokens when your build runs to authenticate to your project from CircleCI.
How to use CircleCI OIDC
You need to configure a trust relationship for your Depot project to leverage this new functionality. To add a trust relationship for CircleCI, you can go through the following steps:
- Open your Project Details page by clicking on a project from your projects list
- Click the Settings button next to your project ID
- Click the Add trust relationship button
- Select CircleCI as the provider
- Enter your CircleCI organization UUID (this is found in your CircleCI organization settings)
- Enter your CircleCI project UUID (this is found in your CircleCI project settings)
- Click Add trust relationship
Note: CircleCI requires entering your organization and project UUID, not your organization's or project's friendly name.
Once the trust relationship is configured, you can use the depot CLI inside of your CircleCI jobs without any additional configuration in your job. See our CircleCI integration guide for common examples of depot build in your CircleCI jobs.
Conclusion
We're excited to continue making it easier and more secure to integrate Depot into your existing CI/CD workflows. The OIDC exchange eliminates the need to store static access tokens inside your CI provider. Instead, Depot can identify the CI job or workflow via a trust relationship tied to the project and issue short lived one-time build tokens.
Today, you can connect to your Depot projects via OIDC token exchanges from GitHub Actions, Buildkite, and now CircleCI.
Pop into our Community Discord and let us know what you think!