Allow Shell Script Step to Automatically Use Connector Permissions
long-term
Garnet Cricket
Currently, the Shell Script step does not automatically inherit or use permissions associated with a configured connector. Users must manually handle authentication, for example by writing scripts to assume roles when using OIDC.
Problem Statement:
This creates additional overhead and inconsistency compared to other steps that already leverage connector credentials natively. Users expect the Shell Script step to seamlessly use the same connector permissions without needing to manually replicate the authentication logic.
Requested Feature:
Enable the Shell Script step to optionally use connector credentials automatically (similar to how other steps handle authentication). This could be implemented via a toggle or configuration field that allows users to select an existing connector for credential context.
Example Use Case:
- A user wants to run a script in an AWS environment using OIDC.
- Today, they must add logic in the script to assume the IAM role manually.
- With this feature, the step would automatically inherit the connector’s OIDC permissions, eliminating that extra scripting.
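The manual step described in this use case, as an added example that is not part of the original post or the product's own code. `ROLE_ARN` and `OIDC_TOKEN_FILE` are assumed names for values the pipeline has to supply, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: manual OIDC role assumption inside a shell step.
# ROLE_ARN and OIDC_TOKEN_FILE are assumed names, not product variables.

# Parse the tab-separated "AccessKeyId SecretAccessKey SessionToken" line
# printed by `aws ... --output text` and export it for later commands.
# Partial or empty output is rejected so the script never runs half-authenticated.
load_creds() {
    line=$1
    tab=$(printf '\t')
    old_ifs=$IFS
    IFS=$tab
    set -f                      # no globbing while splitting
    set -- $line
    set +f
    IFS=$old_ifs
    if [ "$#" -ne 3 ]; then
        echo "unexpected STS output: expected 3 fields, got $#" >&2
        return 1
    fi
    AWS_ACCESS_KEY_ID=$1
    AWS_SECRET_ACCESS_KEY=$2
    AWS_SESSION_TOKEN=$3
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# Exchange the OIDC token for short-lived role credentials (900 s is the
# STS minimum) and load them into the environment of this shell only.
assume_role_with_oidc() {
    role_arn=$1
    token_file=$2
    [ -r "$token_file" ] || { echo "token file not readable" >&2; return 1; }
    out=$(aws sts assume-role-with-web-identity \
        --role-arn "$role_arn" \
        --role-session-name "shell-step-$$" \
        --web-identity-token "$(cat "$token_file")" \
        --duration-seconds 900 \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text) || return 1
    load_creds "$out"
}

# Runs only when the pipeline has provided both inputs.
if [ -n "${ROLE_ARN:-}" ] && [ -n "${OIDC_TOKEN_FILE:-}" ]; then
    assume_role_with_oidc "$ROLE_ARN" "$OIDC_TOKEN_FILE" || exit 1
    aws sts get-caller-identity   # confirm which role the step is running as
fi
```

Keep `set -x` off around these calls so the token and the session credentials do not end up in the step log.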
Shylaja Sundararajan
marked this post as
long-term
Shylaja Sundararajan
marked this post as
under review
Shylaja Sundararajan
Currently there is product support for using AWS OIDC as part of the shell script using expressions. Using these expressions, the required support can be achieved using scripts. Native support is planned as a feature request.
abhijit.pujare
marked this post as
long-term
abhijit.pujare
The approach that currently should work out of the box is to use the secrets.getValue to access the right secrets in the custom script. Even if the shell script inherited connector credentials natively, the writer of the script would have to configure where they should be used.
abhijit.pujare
marked this post as
under review