
Claude Platform WIF Is GA: Ditch the Static API Key Now

Claude Platform Workload Identity Federation — GA June 17 2026

Last year, GitGuardian found 1.27 million AI-service credentials exposed on public GitHub — up 81% from the year before. The root cause is predictable: every team shipping an LLM-powered feature starts by dropping a static API key into a CI secret, a container environment variable, or a .env file that eventually ends up in a commit. Anthropic’s answer to this is now generally available. As of June 17, Workload Identity Federation (WIF) is live on the Claude Platform. Your workload presents an OIDC token from the identity provider you already run. Anthropic validates it and returns a short-lived access token. No sk-ant-... key to mint, store, rotate, or leak.

How WIF Works

WIF is built around three resources you configure in the Claude Console: a service account, a federation issuer, and a federation rule.

A service account is the non-human identity your workload acts as. It has no password and no Console login — it just has roles, a workspace membership, and an audit trail. A federation issuer registers your OIDC provider (its URL and where Anthropic can find its JWKS keys). A federation rule is the bridge: “when a JWT from issuer X has claims matching Y, mint a token for service account Z.”

The runtime exchange has three steps:

  1. Your identity provider issues a JWT to the workload. On most platforms this is ambient — a Kubernetes projected service-account token, the GCP metadata server, GitHub Actions’ OIDC endpoint. Your application does not need to do anything special to get it.
  2. The Claude SDK POSTs that JWT to /v1/oauth/token using the RFC 7523 jwt-bearer grant. Anthropic verifies the signature against the registered JWKS and checks that the token’s claims satisfy the federation rule.
  3. Anthropic returns a short-lived sk-ant-oat01-... token scoped to the matched service account. The SDK caches it, attaches it to every request, and refreshes before expiry — automatically.

Default token lifetime is 3600 seconds, bounded by the upstream JWT’s remaining lifetime. The SDK runs an advisory refresh at expiry minus two minutes and a mandatory refresh at expiry minus 30 seconds.
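To make the three-step exchange and the refresh timing concrete, here is an added illustration (not Anthropic SDK code): it reads the exp claim of a constructed, unsigned sample JWT, builds the RFC 7523 jwt-bearer form body, caps the access-token lifetime by the upstream JWT's remaining validity, and computes the advisory and mandatory refresh points. The grant_type and assertion parameters come from RFC 7523; any further Anthropic-specific request fields are not shown and are an assumption left out.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_PATH = "/v1/oauth/token"                               # endpoint named in the post
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # RFC 7523 grant type
DEFAULT_LIFETIME = 3600   # seconds, default access-token lifetime per the post
ADVISORY_MARGIN = 120     # advisory refresh at expiry minus two minutes
MANDATORY_MARGIN = 30     # mandatory refresh at expiry minus 30 seconds

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_jwt(claims: dict) -> str:
    """Constructed, unsigned sample JWT standing in for what the IdP issues (not a real token)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.{_b64url(b'sig')}"

def jwt_claims(token: str) -> dict:
    """Read the payload only; signature verification happens at Anthropic against the JWKS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def exchange_request(jwt: str) -> tuple:
    """(path, form body) the workload POSTs for the jwt-bearer grant."""
    return TOKEN_PATH, urlencode({"grant_type": JWT_BEARER, "assertion": jwt})

def access_token_lifetime(jwt: str, now: int) -> int:
    """Default lifetime, bounded by the upstream JWT's remaining validity."""
    remaining = jwt_claims(jwt)["exp"] - now
    if remaining <= 0:
        raise ValueError("upstream JWT already expired; obtain a fresh one first")
    return min(DEFAULT_LIFETIME, remaining)

def refresh_schedule(issued_at: int, lifetime: int) -> dict:
    expiry = issued_at + lifetime
    return {"expiry": expiry, "advisory": expiry - ADVISORY_MARGIN, "mandatory": expiry - MANDATORY_MARGIN}

def refresh_action(now: int, schedule: dict) -> str:
    """What a client should do at time `now`: nothing, advisory refresh, or mandatory refresh."""
    if now >= schedule["mandatory"]:
        return "mandatory"
    if now >= schedule["advisory"]:
        return "advisory"
    return "none"
```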

Supported Identity Providers

The Console wizard supports tiles for AWS IAM, Google Cloud, Microsoft Entra ID (including managed identities on AKS), GitHub Actions, and Kubernetes. A “Custom OIDC” tile covers anything else standards-compliant: SPIFFE/SPIRE, Okta, or your own issuer. If Anthropic can reach the JWKS endpoint, it works.

Setting It Up in Python

The SDK change from a static key to federated credentials is a constructor swap:

from anthropic import Anthropic, WorkloadIdentityCredentials, IdentityTokenFile

client = Anthropic(
    credentials=WorkloadIdentityCredentials(
        # Where the platform projects the workload's OIDC JWT (step 1 above)
        identity_token_provider=IdentityTokenFile(
            "/var/run/secrets/anthropic.com/token"
        ),
        # The rule that maps this JWT's claims onto a service account
        federation_rule_id="fdrl_...",
        organization_id="00000000-0000-0000-0000-000000000000",
        service_account_id="svac_...",
        workspace_id="wrkspc_...",
    ),
)

Ship the same image everywhere and inject the four IDs per environment. The zero-argument form reads them from ANTHROPIC_FEDERATION_RULE_ID, ANTHROPIC_ORGANIZATION_ID, ANTHROPIC_SERVICE_ACCOUNT_ID, ANTHROPIC_WORKSPACE_ID, and ANTHROPIC_IDENTITY_TOKEN_FILE. TypeScript, Go, Java, C#, PHP, and Ruby SDKs have equivalent constructors. The full documentation includes a cURL walkthrough for shell scripts and debugging.

Migrating Without Downtime

Anthropic’s migration path runs in parallel with your existing key. Configure WIF, run the wizard’s end-to-end test, and leave ANTHROPIC_API_KEY in place. At this stage, the static key still wins — that is by design. The SDK credential precedence order puts ANTHROPIC_API_KEY above the federation tier.

The step most developers miss: you must explicitly unset ANTHROPIC_API_KEY everywhere the workload runs — CI secrets, container environment, shell profiles — before WIF takes over. Run ant auth status from inside the workload to confirm which credential source won. Once you have verified federation is active, revoke the static key in the Console.
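The five environment variables the zero-argument constructor reads, and the precedence trap described here, can be checked before cutover. This is an added pre-flight script, not Anthropic's ant auth status tool or SDK code; it assumes the precedence the post states (ANTHROPIC_API_KEY wins over the federation tier) and treats the token file path as the only value it can inspect locally.

```python
import os

# The five variables the zero-argument SDK constructor reads, per the post.
FEDERATION_VARS = (
    "ANTHROPIC_FEDERATION_RULE_ID",
    "ANTHROPIC_ORGANIZATION_ID",
    "ANTHROPIC_SERVICE_ACCOUNT_ID",
    "ANTHROPIC_WORKSPACE_ID",
    "ANTHROPIC_IDENTITY_TOKEN_FILE",
)

def resolve_credential_source(env: dict) -> dict:
    """Apply the precedence the post describes: a static key always beats federation."""
    has_key = bool(env.get("ANTHROPIC_API_KEY"))
    missing = [name for name in FEDERATION_VARS if not env.get(name)]
    if has_key:
        source = "static_api_key"
    elif not missing:
        source = "workload_identity_federation"
    else:
        source = "none"
    # shadowed_wif: federation is fully configured but the static key is still winning
    return {"source": source, "missing": missing, "shadowed_wif": has_key and not missing}

def migration_findings(env: dict, check_token_file: bool = True) -> list:
    """Findings a pre-cutover check raises before the static key is revoked."""
    result = resolve_credential_source(env)
    findings = []
    if result["shadowed_wif"]:
        findings.append("ANTHROPIC_API_KEY is still set and wins over WIF; unset it before cutover")
    elif result["source"] == "static_api_key":
        findings.append("WIF not configured yet: missing " + ", ".join(result["missing"]))
    if result["source"] == "none":
        findings.append("no usable credential source: missing " + ", ".join(result["missing"]))
    token_file = env.get("ANTHROPIC_IDENTITY_TOKEN_FILE")
    if check_token_file and token_file and not os.path.isfile(token_file):
        findings.append(f"identity token file {token_file} is not present on this host")
    return findings

if __name__ == "__main__":
    # Run inside the workload's environment; an empty list means federation is the active source.
    for line in migration_findings(dict(os.environ)) or ["OK: federation is the active credential source"]:
        print(line)
```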

What WIF Does Not Solve

This is infrastructure-grade authentication for a single destination: the Claude API. It does not address workloads that also authenticate with Snowflake, GitHub, databases, and other AI APIs. Each vendor’s WIF or equivalent requires separate setup. The Aembit analysis makes the right call here: federated auth is only as strong as the upstream IdP. A misconfigured Kubernetes service account or an overly permissive GitHub Actions OIDC trust propagates insecurity downstream. There is also no cross-vendor audit trail — Claude logs what happened in Claude, not across your full AI surface.

None of that diminishes what WIF is. It is a necessary building block, not a complete workload access program.

The Broader Shift

If you worked on cloud infrastructure between 2018 and 2022, you watched this transition before. Teams moved from JSON service account key files and IAM access keys to Workload Identity and IRSA. The pattern — short-lived OIDC-derived credentials replacing long-lived static secrets — is well-established. Anthropic is applying it to LLM API access about five years after cloud infra made the same shift. That timeline tracks: cloud infra tooling matures first, and application-layer credentials follow when the credential leaks get bad enough. At 81% year-over-year growth in AI service credential leaks, they are bad enough.

Teams still dropping sk-ant-... keys into CI secrets in mid-2026 are making the same mistake their predecessors made with JSON key files in 2018. The playbook is the same — and now so is the solution. Set up WIF via the Claude Platform docs and read the announcement for the full feature overview.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
