Because OIDC removes the secret, not the trust decision. If the subject conditions allow any branch, pull request, or reusable workflow to assume a privileged role, the pipeline still becomes an access path into cloud infrastructure. The real control is claim scoping, not token issuance.
Why This Matters for Security Teams
GitHub Actions OIDC is often adopted to eliminate stored cloud secrets, but that only removes one attack surface. The trust decision still depends on how tightly the cloud role maps to repository, workflow, ref, and environment claims. If those conditions are broad, an attacker who can influence a workflow file, branch, or reusable action can still reach privileged infrastructure without ever stealing a long-lived key.
This is why the risk sits in authorization, not token issuance. NHI Management Group’s research on CI/CD compromise patterns shows that pipeline abuse tends to become visible only after an attacker has already used the build system as an access path, similar to cases discussed in the CI/CD pipeline exploitation case study. The broader issue is consistent with the OWASP Non-Human Identity Top 10: identities for automation need precise, runtime-scoped controls, not just fewer static secrets.
GitGuardian’s The State of Secrets Sprawl 2025 notes that 4.6% of public GitHub repositories still contain at least one hardcoded secret, which underscores why teams rush toward OIDC. But reducing secret sprawl does not automatically reduce privilege sprawl. In practice, many security teams discover the weakness only after a workflow has already been used to mint cloud access, rather than during the design of the trust policy.
How It Works in Practice
GitHub Actions OIDC works by exchanging a short-lived identity token for cloud access, usually through a trust policy in AWS, Azure, or GCP. The security value comes from binding that token to claims such as repository, branch, workflow name, environment, and sometimes reusable workflow provenance. If those claims are too broad, the role can be assumed by code paths that were never meant to receive production access.
Practitioners should treat the OIDC token as proof of workflow execution, not proof of safe intent. The control points are:
- Restrict the NIST Cybersecurity Framework 2.0 access scope to the smallest viable repository, branch, and environment set.
- Use separate roles for pull requests, main branch deployments, and release workflows.
- Require explicit subject conditions for reusable workflows and block wildcard trust wherever possible.
- Prefer ephemeral, task-specific access over broad identities that can be reused across many jobs.
This aligns with NHIMG guidance in the Ultimate Guide to NHIs — Key Challenges and Risks, where the central problem is not whether an identity exists, but whether its permissions match the exact automation context. For pipeline governance, the practical move is to evaluate claims at deployment time, then lock the cloud role to the narrowest possible assertion set. Best practice is evolving toward policy-as-code checks and claim validation before the token is exchanged.
These controls tend to break down when organisations reuse one OIDC role across many repositories or allow third-party reusable workflows to run with production trust because the token still authenticates successfully even when the originating context is unsafe.
Common Variations and Edge Cases
Tighter claim scoping often increases operational overhead, requiring organisations to balance deployment speed against stronger segmentation. That tradeoff is real, especially in large monorepos, shared runner fleets, and release pipelines that depend on reusable workflows across multiple teams.
There is no universal standard for this yet, but current guidance suggests a few common edge cases deserve special treatment. Forked pull requests should usually have different trust than internal merges, because they represent a different risk profile even if the same workflow file is executed. Reusable workflows are another weak point: if the trust policy validates only the caller repository and not the called workflow source, privilege can leak across projects. Environment approvals help, but they do not replace claim scoping.
For high-value cloud roles, security teams should also consider whether GitHub Actions is the right trust anchor at all. Some environments benefit from an additional workload identity layer or broker that issues narrowly scoped credentials after policy evaluation, rather than allowing the workflow token to touch production directly. That approach reflects the same principle emphasized in the 2024 ESG Report: Managing Non-Human Identities: most organisations already have enough NHI exposure that broad trust assumptions are no longer tolerable. In edge cases such as multi-tenant runners, self-hosted runner compromise, or shared deployment accounts, OIDC reduces one class of secret theft but does not eliminate privilege escalation risk.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Covers overbroad trust and weak lifecycle control for machine identities. |
| CSA MAESTRO | IAM-2 | Addresses identity and policy controls for autonomous and automated workloads. |
| NIST AI RMF | AI RMF supports governance of dynamic, context-driven automation risk. |
Bind pipeline identities to runtime policy checks before any cloud privilege is granted.
