Meta tags:
description= Namespace accelerates the development workflow of fast-moving software engineering teams. Best-in-class compute and development-supporting services that lead to 2x-10x faster builds, tests, and more.;
Headings (most frequently used words):
namespace, from, accessing, resources, id, token, workload, federation, with, openid, connect, cloud, external, systems, introducing, devboxes, we, re, hiring, join, us, generate, example, usage, of, tokens, prerequisites, obtain, credentials, an, oidc,
Text of the page (most frequently used words):
nsc (77), #namespace (24), token (23), the (21), your (19), oidc (18), github (16), with (15), federation (11), tokens (11), and (9), you (9), for (9), identity (9), list (9), registry (9), artifact (9), docker (9), systems (8), openid (8), setup (8), actions (8), workspace (7), cache (7), profile (7), namespacelabs (7), exchange (6), auth (6), com (6), service (6), from (6), issuer (6), connect (6), image (6), describe (6), base (6), action (6), nscloud (6), overview (6), access (5), credentials (5), audience (5), use (5), cloud (5), provider (5), can (5), external (5), generate (5), kubernetes (4), workload (4), system (4), https (4), this (4), example (4), login (4), vault (4), upload (4), buildx (4), instance (4), short (3), lived (3), that (3), dashboard (3), custom (3), obtain (3), url (3), register (3), allows (3), secure (3), accessing (3), resources (3), standard (3), authenticate (3), issue (3), usage (3), any (3), create (3), update (3), download (3), ingress (3), expose (3), container (3), remote (3), images (3), devboxes (3), started (3), display (2), replace (2), identifier (2), namespaceapis (2), client (2), specific (2), claims (2), trusted (2), need (2), support (2), identify (2), themselves (2), using (2), enable (2), verify (2), api (2), resource (2), id_token (2), target (2), required (2), aws (2), workloads (2), different (2), authentication (2), top (2), applications (2), status (2), trust (2), delete (2), sccache (2), pants (2), gradle (2), bazel (2), expiration (2), extend (2), volume (2), git (2), checkout (2), job (2), build (2), ssh (2), logs (2), builds (2), circleci (2), security (2), limits (2), storage (2), getting (2), logo (2), open (2), last, updated, september, 2025, command, should, succeed, name, signed, stores, will, used, automatically, subsequent, commands, found, tenant_id, toke, make, sure, configured, library, platforms, platform, endpoints, account, method, depends, once, registered, details, about, expected, before, must, contact, known, provide, prerequisites, then, issued, contains, including, authorize, requests, detail, authorization, bearer, curl, according, their, integration, requirements, export, application, sts, amazonaws, authenticating, claim, typically, aud, compliant, conform, allowing, accepts, relies, allow, interact, instead, relying, pre, shared, keys, which, more, easily, compromised, industry, protocol, built, oauth, provides, standardized, way, user, identities, information, across, widely, adopted, major, providers, enterprise, making, ideal, foundation, center, soc2, changelog, revoke, relationships, dev, check, set, add, default, policy, share, expire, release, submodules, test, run, optimize, cleanup, attach, context, kubectl, kubeconfig, write, port, forward, proxy, rdp, vnc, report, destroy, version, installation, cli, turbocache, breakpoint, cluster, sdk, explorer, rwx, gcp, permissions, audit, logging, data, residency, billing, workspaces, egress, filtering, performance, networking, secrets, volumes, machine, shapes, observability, windows, macos, linux, compute, framework, tailscale, claude, checkouts, nix, moonrepo, android, emulators, playwright, turborepo, integrations, coding, agents, sessions, development, managing, introduction, containers, previews, tracing, builders, reference, optimizing, migration, guide, debugging, caching, roles, hiring, join, read, article, introducing, sidebar, get, company, pricing, customers, cases,
Text of the page (random words):
federation with openid namespace logo use cases customers pricing resources company get started login open sidebar introducing devboxes read article we re hiring join us open roles logo overview github actions getting started caching docker builds custom base images debugging github actions migration guide optimizing usage reference docker builders getting started container registry tracing logs previews containers kubernetes devboxes introduction managing devboxes remote development sessions custom images coding agents integrations bazel turborepo playwright android emulators gradle sccache circleci pants moonrepo nix git checkouts docker images claude tailscale any framework compute overview linux macos windows observability ssh remote display machine shapes resource limits storage overview cache volumes container registry artifact storage secrets networking overview ingress performance security egress filtering workspaces overview access billing and limits data residency security audit logging permissions federation overview aws gcp openid github actions circleci rwx dashboard github actions builds registry usage explorer api sdk github actions namespacelabs nscloud setup namespacelabs nscloud setup buildx action namespacelabs nscloud cluster action namespacelabs nscloud cache action namespacelabs nscloud checkout action namespacelabs nscloud expose kubernetes action namespace actions upload artifact namespace actions download artifact namespacelabs breakpoint action namespace actions setup turbocache cli installation nsc version nsc login nsc workspace describe nsc create nsc destroy nsc extend nsc list nsc instance report nsc logs nsc top nsc ssh nsc vnc nsc rdp nsc proxy nsc instance port forward nsc instance download nsc instance upload nsc kubeconfig write nsc kubectl nsc docker login nsc docker attach context nsc docker remote nsc docker buildx setup nsc docker buildx cleanup nsc docker buildx status nsc build nsc base image upload nsc base image optimize nsc run nsc expose container nsc expose kubernetes nsc ingress list nsc ingress generate access token nsc github profile nsc github profile create nsc github profile list nsc github profile describe nsc github profile update nsc github profile delete nsc github profile test build base image nsc github base image list nsc github base image describe nsc github job list nsc github job describe nsc git checkout update submodules nsc volume list nsc volume release nsc artifact upload nsc artifact download nsc artifact expire nsc artifact extend nsc artifact describe nsc artifact cache url nsc registry list nsc registry describe nsc registry share nsc registry update image expiration nsc registry policy nsc registry default expiration nsc cache bazel setup nsc cache gradle setup nsc cache pants setup nsc cache sccache setup nsc vault list nsc vault add nsc vault set nsc vault delete nsc auth check login nsc auth generate dev token nsc auth trust relationships nsc token create nsc token list nsc token revoke changelog trust center soc2 status support workload federation with openid connect namespace relies on workload identity federation to allow namespace to interact with different systems instead of relying on pre shared keys which can be more easily compromised openid connect oidc is an industry standard authentication protocol built on top of oauth 2 0 it provides a secure standardized way for applications to verify user identities and exchange authentication information across different systems oidc is widely adopted by major cloud providers identity systems and enterprise applications making it an ideal foundation for workload federation accessing cloud resources from namespace identity federation with openid connect allows your namespace workloads to identify themselves to any oidc compliant system using short lived secure credentials to enable this federation namespace can issue id tokens that conform to the openid connect standard allowing your workloads to authenticate with any cloud provider or service that accepts oidc tokens generate a namespace id token you can generate an openid connect id token from namespace to authenticate with external systems nsc auth issue id token audience au d replace aud with the audience claim required by your target system this is typically the url of the service you re authenticating with a specific identifier required by the cloud provider e g sts amazonaws com for aws the client id of the application you re accessing example usage of namespace id tokens generate the id token for your target system export id_token nsc auth issue id token audience https your service example com use the token to authenticate with the external service according to their oidc integration requirements for example curl h authorization bearer id_token https your service example com api resource the id token is issued by https federation namespaceapis com and contains standard oidc claims including your namespace workspace identity this allows external systems to verify and authorize your requests in detail accessing namespace resources from external systems identity federation with openid connect allows external systems with oidc tokens to identify themselves to namespace using short lived secure credentials to enable this federation you need to register your oidc issuer as a trusted identity provider with namespace then exchange oidc tokens for namespace access tokens prerequisites before you can exchange oidc tokens for namespace credentials you must register your issuer with namespace contact namespace support to register your oidc issuer as a known and trusted issuer you ll need to provide the issuer url e g https your identity provider com your workspace id from the dashboard details about the expected token claims and audience obtain namespace credentials from an oidc token once your issuer is registered you can exchange oidc tokens for namespace access tokens obtain an oidc token from your identity provider the method depends on your system kubernetes use service account tokens or workload identity cloud platforms use platform specific token endpoints custom systems use your oidc client library to obtain tokens make sure federation namespaceapis com is configured as the audience exchange the oidc token for namespace credentials nsc auth exchange oidc token token toke n tenant_id workspace i d replace token with your oidc id token or access token and workspace id with your namespace workspace identifier found in the dashboard the command should succeed and display the name of the workspace you ve signed in to it stores a short lived token that will be used automatically in subsequent nsc commands last updated september 30 2025
|