Azure App Service POC – OIDC & Terraform CI/CD
Secure, secret-free infra and deployment pipeline for an Azure web app. Terraform, Azure App Service (Linux, Node 18), GitHub Actions, and OIDC—no client secrets.
Tech Stack
Azure, Terraform, App Service, GitHub Actions, OIDC
Overview
This project provisions and deploys an Azure App Service (Linux, Node 18) using Terraform, with CI/CD in GitHub Actions. Authentication is done with OpenID Connect (OIDC): the workflow requests a short-lived token from GitHub and exchanges it with Azure using a federated credential, so there are no long-lived client secrets in the repo or in GitHub. Terraform state lives in Azure Storage, also authenticated via OIDC. Push to main runs apply; pull requests run plan.
Solutions
- Stack: Terraform, Azure (App Service, resource group, state in Storage), GitHub Actions
- Auth: OIDC federated credentials (no client secrets); Azure login and Terraform backend both use OIDC
- Flow: PRs run terraform plan; pushes to main run terraform apply
- Goal: Secure, secret-free infra and deployment pipeline for an Azure web app
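
A minimal GitHub Actions workflow for the flow described in the Overview, added here as an illustration and not taken from the project's repository. The variable names (`AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`) and the `<org>/<repo>` placeholders are assumptions.

```yaml
# Added example, not the project's own workflow.
# Assumed: repository variables AZURE_CLIENT_ID / AZURE_TENANT_ID /
# AZURE_SUBSCRIPTION_ID hold the IDs of the app registration that carries
# the federated credentials. These are identifiers, not secrets.
name: terraform
on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

permissions:
  id-token: write   # allows the job to request a short-lived GitHub OIDC token
  contents: read    # checkout only; nothing else is granted

env:
  ARM_USE_OIDC: "true"   # azurerm provider and backend authenticate via OIDC
  ARM_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
  ARM_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
  ARM_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Exchanges the GitHub token for an Azure token. The federated
      # credential's subject must match the run exactly:
      #   push to main -> repo:<org>/<repo>:ref:refs/heads/main
      #   pull request -> repo:<org>/<repo>:pull_request
      - uses: azure/login@v2
        with:
          client-id: ${{ vars.AZURE_CLIENT_ID }}
          tenant-id: ${{ vars.AZURE_TENANT_ID }}
          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - name: Plan (pull requests)
        if: github.event_name == 'pull_request'
        run: terraform plan -input=false
      - name: Apply (push to main)
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: terraform apply -input=false -auto-approve
```

Because the `pull_request` subject covers every PR in the repository, the identity bound to it is best limited to what `terraform plan` needs, with write access reserved for the identity bound to the `refs/heads/main` subject.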