This feature is only available on Chainloop’s platform paid plans.
- Connect your GitHub repository to a project
- Configure workflow permissions for OIDC
1 - Connect your GitHub repository to a project
Before attesting, connect the Chainloop GitHub integration and link the repository to a project:- Connect GitHub & GitLab — one-time organization setup.
- Create a project — link the repository to the project that will receive attestations.
Attestations from repositories that are not connected to a project will not be accepted.
2 - Configure the workflow for keyless attestation
You can leverage GitHub OIDC tokens directly from your workflow. Keep the workflow configuration simple and include these permissions:Do not set
CHAINLOOP_TOKEN in your workflow environment. In keyless mode, the CLI automatically requests a GitHub OIDC token and uses it to authenticate with Chainloop — no manual token configuration needed.If you have onboarded the same repository to more than one Chainloop organization, pass the
--org flag to the init command: