Skills
Anthropic Launches Keyless Authentication via Workload Identity Federation — JWT-Based Auth From AWS, GCP, Azure, OIDC Replaces Static API Keys
Anthropic shipped Workload Identity Federation for the Claude API, enabling keyless authentication that replaces static secrets with short-lived tokens. Your workload presents a signed JWT from your identity provider; Anthropic validates it against trust rules and returns a short-lived access token bound to a service account. Supports GitHub Actions OIDC, Kubernetes projected service-account tokens, SPIRE JWT-SVIDs, Okta client-credentials flow, and browser-based CLI login. Uses RFC 7523 jwt-bearer grant. Critical for any team running Claude in CI/CD or production without managing long-lived API keys.
↳ Follow the thread