
Claude API Workload Identity Federation: Drop Keys Now

Workload Identity Federation replaces static Claude API keys with short-lived OIDC tokens

GitGuardian found 28 million leaked credentials on GitHub in 2025. In May 2026, a CISA contractor’s public repository silently exposed privileged AWS GovCloud API keys for six months. Static API keys do not expire. They sit in CI secrets tabs, get copied into staging environments, and occasionally end up committed to repositories. Anthropic’s sk-ant-... keys are no different. On June 17, 2026, Anthropic made Workload Identity Federation (WIF) generally available — a mechanism that replaces your static Claude API key with a short-lived token from the identity provider you already operate. For any production workload that already has an identity provider to present, there is no good argument left for keeping a permanent API key. Here is what you need to know.

What Workload Identity Federation Does

WIF swaps a never-expiring sk-ant-... key for a token that lives between 60 seconds and 24 hours (default: one hour). Your workload’s identity provider — GitHub Actions, AWS IAM, Google Cloud, Microsoft Entra ID, Kubernetes, Okta, or any OIDC-compliant issuer — signs a JWT at runtime. Your Anthropic SDK exchanges that JWT for a short-lived Anthropic access token at POST /v1/oauth/token. The SDK handles the exchange and refresh loop automatically. You do not write any of that plumbing.

The security improvement is immediate: a compromised GitHub Actions runner now yields a token that expires in an hour, bound to one workload’s identity, rather than an API key that gives indefinite access to every Claude endpoint your account can reach. Two caveats keep the improvement honest. The boundary is only as tight as the federation rule: a rule that matches on the repository alone lets any branch or pull-request workflow in that repository mint tokens, while a rule that also pins the ref or environment claim does not. And an attacker who still controls the runner can mint fresh tokens for as long as that control lasts; what WIF removes is the credential that keeps working after the run is over and the log or environment dump has leaked. Static keys have no such boundary. Short-lived tokens do.

Setting It Up

Configuration lives in the Claude Console and takes about three minutes. Navigate to Settings → Workload identity → Connect workload, then choose your identity provider. The wizard creates three resources in one flow:

  • Federation issuer — your IdP’s OIDC discovery URL
  • Service account — the identity API calls run as within your organization
  • Federation rule — binds specific JWT claims from the issuer to the service account
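The third resource, the federation rule, is where the real boundary is drawn, so it is worth seeing what claim binding decides. The following is an added example, not Anthropic’s code and not the Console’s rule syntax (the rule dict format and the glob matching are assumptions made here for illustration). The claim names are the ones GitHub Actions really issues; the token values, repository and environment names are constructed. It shows why a rule keyed on the repository alone lets a pull-request run mint a token, while one that also pins ref and environment admits only the main-branch deploy.

```python
import base64
import fnmatch
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(claims: dict) -> str:
    """Build a constructed, UNSIGNED JWT for offline testing. The claim names
    (iss, aud, sub, repository, ref, environment) are the ones GitHub Actions
    really issues; the values are made up. A real token carries an RS256
    signature that the federation endpoint checks against GitHub's JWKS."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.signature-omitted"


def decode_claims(jwt: str) -> dict:
    """Decode the payload segment only; signature verification is out of scope here."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def rule_matches(rule: dict, claims: dict) -> tuple:
    """Evaluate a hypothetical federation rule (this dict format is an assumption,
    not the Console's syntax): every claim named in the rule must be present and
    match its glob pattern. Note that '*' in fnmatch also matches '/'."""
    reasons = []
    for claim, pattern in rule.items():
        value = claims.get(claim)
        if value is None:
            reasons.append(f"missing claim {claim!r}")
        elif not fnmatch.fnmatchcase(str(value), pattern):
            reasons.append(f"{claim}={value!r} does not match {pattern!r}")
    return (not reasons, reasons)


# Two constructed tokens: a deploy run on main, and a pull-request run.
BASE = {"iss": "https://token.actions.githubusercontent.com",
        "aud": "example-audience", "repository": "example-org/example-app"}
MAIN_DEPLOY = make_sample_jwt({**BASE, "sub": "repo:example-org/example-app:environment:prod",
                               "ref": "refs/heads/main", "environment": "prod"})
PR_RUN = make_sample_jwt({**BASE, "sub": "repo:example-org/example-app:pull_request",
                          "ref": "refs/pull/42/merge"})

# A rule keyed on the repository alone versus one that also pins ref and environment.
LOOSE_RULE = {"iss": "https://token.actions.githubusercontent.com",
              "repository": "example-org/example-app"}
TIGHT_RULE = {**LOOSE_RULE, "ref": "refs/heads/main", "environment": "prod"}


def evaluate(rule: dict) -> dict:
    """Which of the two constructed runs would the rule let mint a Claude token?"""
    return {name: rule_matches(rule, decode_claims(tok))[0]
            for name, tok in (("main_deploy", MAIN_DEPLOY), ("pr_run", PR_RUN))}


if __name__ == "__main__":
    print("loose:", evaluate(LOOSE_RULE))  # both runs admitted
    print("tight:", evaluate(TIGHT_RULE))  # only main_deploy admitted
```

Whatever syntax the Console uses, the lesson carries over: bind the rule to the narrowest set of claims that still describes the workload you intend to authorize, and treat a rule that matches only on issuer and repository as an open door for every workflow in that repository.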

After the wizard, inject four environment variables into your workload and remove the API key:

ANTHROPIC_FEDERATION_RULE_ID=fdrl_xxxxxxxxxxxx
ANTHROPIC_ORGANIZATION_ID=00000000-0000-0000-0000-000000000000
ANTHROPIC_SERVICE_ACCOUNT_ID=svac_xxxxxxxxxxxx
ANTHROPIC_WORKSPACE_ID=wrkspc_xxxxxxxxxxxx

These are identifiers, not secrets. They are safe to commit to workflow files or environment configuration. The SDK’s zero-argument constructor reads them automatically:

import anthropic

# Before: a long-lived secret in your environment
client = anthropic.Anthropic(api_key="sk-ant-...")

# After: no secrets in the code or the environment; the SDK reads the four
# federation identifiers and performs the token exchange and refresh itself
client = anthropic.Anthropic()

One line of code change in the application layer after the Console setup is done.

GitHub Actions: The Clearest Win

The most compelling case for WIF is GitHub Actions. Before federation, every workflow that called Claude required ANTHROPIC_API_KEY in the repository’s secrets tab. A leaked workflow log or an exposed environment dump could surface it. After federation, the workflow file carries only identifiers and no credentials. The runner requests an OIDC token from GitHub at runtime — ambient, automatic, scoped to that exact run.

Add id-token: write to permissions (so the runner can request the OIDC token), and replace the api_key input with the four federation identifiers:

jobs:
  claude-response:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      id-token: write   # fetches the GitHub OIDC token
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_federation_rule_id: fdrl_xxxxxxxxxxxx
          anthropic_organization_id: 00000000-0000-0000-0000-000000000000
          anthropic_service_account_id: svac_xxxxxxxxxxxx
          anthropic_workspace_id: wrkspc_xxxxxxxxxxxx
          # anthropic_api_key: not here

Nothing in the secrets tab. The four identifiers are not sensitive. You can review them in a PR diff without concern. The official GitHub Actions WIF guide covers the Console wizard steps specific to GitHub.

The Gotcha: Your Old Key Is Probably Still Winning

This is the part every migration guide skips. ANTHROPIC_API_KEY sits above federation in the SDK’s credential precedence chain. If you configure WIF in the Console but leave the old key set in the environment — container env, CI secret, shell profile, .env file — the SDK silently uses the static key. WIF never activates. You will believe you migrated. The audit logs will tell a different story.

Before removing the key, confirm which credential the SDK is actually using:

ant auth status

The CLI reports the winning credential source. If it says api_key, the old key is still present. The safe migration sequence:

  1. Configure WIF in the Console (runs in parallel with your existing key — no downtime)
  2. Run ant auth status in the target environment — confirm it shows federation
  3. Remove ANTHROPIC_API_KEY from every location: container envs, CI secrets, shell profiles
  4. Run ant auth status again to confirm federation still wins
  5. Revoke the old key in the Console

Do not skip step 4. Revoke only after you have confirmed the workload runs cleanly without the key.
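A preflight you can run in the target environment at steps 2 and 4, as an added example that is not part of the original page or of Anthropic’s tooling. It mirrors the precedence the article describes (a non-empty ANTHROPIC_API_KEY wins over federation, and federation needs all four identifiers), checks the GitHub-specific prerequisite that the job actually granted id-token: write (GitHub only sets ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN when it has), and scans config files for a forgotten sk-ant- key. The function names, the finding messages and the sample values are assumptions made for this example; the environment variable names are the real ones.

```python
import os
import re

FEDERATION_VARS = (
    "ANTHROPIC_FEDERATION_RULE_ID",
    "ANTHROPIC_ORGANIZATION_ID",
    "ANTHROPIC_SERVICE_ACCOUNT_ID",
    "ANTHROPIC_WORKSPACE_ID",
)

# Static Claude keys start with this prefix; used to spot leftovers in config files.
STATIC_KEY_RE = re.compile(r"sk-ant-[A-Za-z0-9_\-]{8,}")


def resolve_credential_source(env: dict) -> dict:
    """Mirror the precedence the article describes: a non-empty ANTHROPIC_API_KEY
    beats federation, and federation needs all four identifiers present."""
    api_key = env.get("ANTHROPIC_API_KEY", "").strip()
    missing = [v for v in FEDERATION_VARS if not env.get(v, "").strip()]
    if api_key:
        source = "api_key"
    elif not missing:
        source = "federation"
    else:
        source = "none"
    return {"source": source, "missing": missing, "federation_ready": not missing}


def github_oidc_available(env: dict) -> bool:
    """GitHub sets these two variables only when the job grants `id-token: write`;
    without them the runner cannot request an OIDC token at all."""
    return bool(env.get("ACTIONS_ID_TOKEN_REQUEST_URL")
                and env.get("ACTIONS_ID_TOKEN_REQUEST_TOKEN"))


def find_static_keys(files: dict) -> list:
    """Scan file contents (path -> text, e.g. .env files or shell profiles you
    read beforehand) for leftover static keys; returns (path, line_no) pairs."""
    hits = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            if STATIC_KEY_RE.search(line):
                hits.append((path, n))
    return hits


def preflight(env: dict, files: dict = None) -> list:
    """Return findings that would stop federation from being the active credential.
    An empty list means the SDK will use federation in this environment."""
    findings = []
    result = resolve_credential_source(env)
    if result["source"] == "api_key":
        findings.append("ANTHROPIC_API_KEY is set and will win over federation; remove it")
    for var in result["missing"]:
        findings.append(f"{var} is not set")
    # GITHUB_ACTIONS=true is set on every GitHub-hosted and self-hosted runner.
    if env.get("GITHUB_ACTIONS") == "true" and not github_oidc_available(env):
        findings.append("GitHub Actions job lacks id-token: write (no OIDC request token)")
    for path, n in find_static_keys(files or {}):
        findings.append(f"static key found in {path}:{n}")
    return findings


if __name__ == "__main__":
    for finding in preflight(dict(os.environ)) or ["OK: federation is the active credential"]:
        print(finding)
```

Run it once with the key still present (expect the ANTHROPIC_API_KEY finding), remove the key, and run it again; only when it reports nothing, and ant auth status agrees, is it safe to revoke the old key in the Console.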

What Else to Know

WIF works with all Claude API endpoints and both the Python and TypeScript SDKs. AWS IAM, Google Cloud, Microsoft Entra ID, Kubernetes projected service-account tokens, Okta, and SPIFFE all work as identity providers — provider-specific guides are in the official WIF documentation. Token lifetime is configurable between 60 seconds and 86,400 seconds; since the SDK refreshes automatically, set it as short as the workload tolerates rather than leaving the default. Existing static keys continue to work alongside WIF, so migration can happen one workload at a time with no downtime.

OpenAI made a parallel WIF announcement in July 2026. AWS Bedrock and Vertex AI use their respective cloud IdPs natively. The industry is converging on keyless auth for AI APIs as the standard for production workloads. Anthropic is now current with that standard.

The static Claude API key had a good run. It is time to replace it.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
