We only have 1 Secret we need to manage. The API we develop is secured via Token-based OIDC. While Bruno does support OIDC, they don’t yet support token based OIDC. So we have a pre-request script that does the auth flow and stores the resulting jwt in a runtime variable.
this way we only need to define a long lived service account json defining all we need for the auth flow. The /token endpoint is not a secret and we can commit it.
So this SA is created manually for every developer for every of our 3 stages
We only have 1 Secret we need to manage. The API we develop is secured via Token-based OIDC. While Bruno does support OIDC, they don’t yet support token based OIDC. So we have a pre-request script that does the auth flow and stores the resulting jwt in a runtime variable.
this way we only need to define a long lived service account json defining all we need for the auth flow. The /token endpoint is not a secret and we can commit it.
So this SA is created manually for every developer for every of our 3 stages