<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>octo-sts on</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/tags/octo-sts/</link><description>Recent content in octo-sts on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Tue, 23 Dec 2025 15:04:05 +0100</lastBuildDate><atom:link href="https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/tags/octo-sts/index.xml" rel="self" type="application/rss+xml"/><item><title>Octo STS Overview</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/octo-sts/overview/</link><pubDate>Tue, 23 Dec 2025 15:04:05 +0100</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/octo-sts/overview/</guid><description>Octo STS is a GitHub App developed by Chainguard that acts as a Security Token Service (STS) for the GitHub API. It enables workloads running anywhere that can produce OIDC tokens to federate with GitHub, exchanging those tokens for short-lived GitHub access tokens. The primary goal is to eliminate the need for GitHub Personal Access Tokens (PATs), which are long-lived credentials that pose significant security risks.
Why Octo STS Matters
Long-lived access tokens are a common target in security incidents.</description></item><item><title>Octo STS FAQ</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/octo-sts/faq/</link><pubDate>Mon, 22 Dec 2025 15:04:05 +0100</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/octo-sts/faq/</guid><description>This page answers frequently asked questions about Octo STS, including setup, security, troubleshooting, and common use cases.
General Questions
What is Octo STS?
Octo STS is a GitHub App developed by Chainguard that acts as a Security Token Service for GitHub. It allows workloads with OIDC tokens from various identity providers (GitHub Actions, cloud providers, Kubernetes, etc.) to exchange those tokens for short-lived GitHub access tokens. The primary goal is to eliminate the need for long-lived Personal Access Tokens (PATs).</description></item><item><title>Updating Container Images with Renovate (and no PATs!)</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/octo-sts/updating-container-images-with-renovate/</link><pubDate>Tue, 23 Dec 2025 09:30:00 +0100</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/octo-sts/updating-container-images-with-renovate/</guid><description>In this video, Developer Relations Engineer Adrian Mouat shows you how you can update container images using Renovate with Octo STS, eliminating the need for GitHub Personal Access Tokens.
Video
What You&amp;rsquo;ll Learn
How to set up Renovate as a GitHub Action
Using Octo STS to eliminate Personal Access Tokens
Configuring trust policies for automated workflows
Setting up assumable identities for private registries
Automating container image and GitHub Actions updates
Transcript
In this video, I&amp;rsquo;m going to show you how you can use Renovate to update container images and GitHub actions.</description></item></channel></rss>