Is your feature request related to a problem? Please describe.
Currently, Tolgee’s S3 integration relies on AWS Access Keys. From a security perspective, long-lived access keys are considered less secure because they need to be stored and rotated regularly. Many security teams recommend avoiding static credentials entirely and instead using short-lived, automatically rotated credentials via OpenID Connect (OIDC).
As a result, using Tolgee with AWS S3 may not meet stricter security requirements without additional operational overhead (manual key rotation, secret management, etc.)
Describe the solution you'd like
Add support for AWS authentication via OpenID Connect (OIDC) for integrations such as S3.
This would allow Tolgee to assume AWS roles using OIDC tokens instead of static access keys, improving security by:
Eliminating the need for long-lived credentials
Enabling automatic credential rotation
Aligning with modern cloud security best practices
Describe alternatives you've considered
Rotating AWS access keys regularly (adds operational overhead and risk)
Additional context
Example of similar functionality: Bitbucket Pipelines supports AWS deployments using OIDC:
https://support.atlassian.com/bitbucket-cloud/docs/deploy-on-aws-using-bitbucket-pipelines-openid-connect/
Is your feature request related to a problem? Please describe.
Currently, Tolgee’s S3 integration relies on AWS Access Keys. From a security perspective, long-lived access keys are considered less secure because they need to be stored and rotated regularly. Many security teams recommend avoiding static credentials entirely and instead using short-lived, automatically rotated credentials via OpenID Connect (OIDC).
As a result, using Tolgee with AWS S3 may not meet stricter security requirements without additional operational overhead (manual key rotation, secret management, etc.)
Describe the solution you'd like
Add support for AWS authentication via OpenID Connect (OIDC) for integrations such as S3.
This would allow Tolgee to assume AWS roles using OIDC tokens instead of static access keys, improving security by:
Eliminating the need for long-lived credentials
Enabling automatic credential rotation
Aligning with modern cloud security best practices
Describe alternatives you've considered
Rotating AWS access keys regularly (adds operational overhead and risk)
Additional context
Example of similar functionality: Bitbucket Pipelines supports AWS deployments using OIDC:
https://support.atlassian.com/bitbucket-cloud/docs/deploy-on-aws-using-bitbucket-pipelines-openid-connect/