Claude Platform WIF Is GA: Ditch the Static API Key Now

Anthropic made Workload Identity Federation (WIF) generally available on the Claude Platform as of June 17, allowing workloads to authenticate with short-lived OIDC tokens instead of static API keys. This addresses a security crisis where 1.27 million AI-service credentials were exposed on public GitHub last year, up 81% from the prior year.

Last year, GitGuardian found 1.27 million AI-service credentials exposed on public GitHub — up 81% from the year before. The root cause is predictable: every team shipping an LLM-powered feature starts by dropping a static API key into a CI secret, a container environment variable, or a .env file that eventually ends up in a commit. Anthropic’s answer to this is now generally available. As of June 17, Workload Identity Federation WIF is live on the Claude Platform. Your workload presents an OIDC token from the identity provider you already run. Anthropic validates it and returns a short-lived access token. … The post