Skip to content

DataDog/dd-sts-action

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
.github
.github
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
action.yaml
action.yaml
 
 
index.js
index.js
 
 
package.json
package.json
 
 
post.js
post.js
 
 

Repository files navigation

dd-sts-action

This action exchanges the workflow's identity token for Datadog credentials according to a target trust policy.

Usage

Consider the following workflow in DataDog/my-repo:

permissions:
  id-token: write # Needed to federate tokens.

steps:
- id: dd-sts
  uses: DataDog/dd-sts-action@main
  with:
    policy: foo # policy filename excluding `.yaml`
- env:
    DD_API_KEY: ${{ steps.dd-sts.outputs.api_key }}
    DD_APP_KEY: ${{ steps.dd-sts.outputs.app_key }}
  run: |
    set -euo pipefail
    resp="$(curl -fsS -H "DD-API-KEY: ${DD_API_KEY}" "https://api.${DD_SITE}/api/v1/validate")"
    echo "$resp" | jq -e '.valid == true' > /dev/null
    echo "Datadog API key is valid."

Inputs

  • policy (required): The name of the trust policy to use (excluding .yaml extension)
  • domain (required): The domain of the Datadog STS instance to use. Defaults to webhooks.build.datadoghq.com (must not be overwritten to the empty string).
  • audience (optional): The audience value for the OIDC token. Must match the audience configured in your dd-sts policy. Defaults to dd-sts.

Outputs

  • api_key: A Datadog API key
  • app_key: A Datadog application key (if provided by the policy)
  • app_key_expiration_timestamp: The expiration timestamp of the application key (if applicable)

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Apr 2, 2026

Packages

 
 
 

Contributors

Languages