Fly.io

To validate Fly.io ID Tokens, find the name of your organization using flyctl orgs list and replace example-org in the issuer configuration below.

config.yaml

issuers:
  fly:
    issuer: https://oidc.fly.io/example-org
    jwks_uri: https://oidc.fly.io/example-org/keys

Claims

policy.rego

claims.app_id = "11111111"
claims.app_name = "example-app"
claims.aud = "https://fly.io/example-org"
claims.exp = 1712099653
claims.iat = 1712099053
claims.image = "docker-hub-mirror.fly.io/you/image:latest"
claims.image_digest = "sha256:2c1cdaded1b3820020c9dc9fdd1d6e798d6f6ca36861bb6ae64019fad6be9ee3"
claims.iss = "https://oidc.fly.io/example-org"
claims.jti = "93ca09e1-70e0-477b-a260-1d8fcd4ef4f4"
claims.machine_id = "148e21ea7e46e8"
claims.machine_name = "example-machine"
claims.machine_version = "01HTGGC1TZ2JHK83J4AC0R3VET"
claims.nbf = 1712099053
claims.org_id = "11111111"
claims.org_name = "example-org"
claims.region = "sea"
claims.sub = "example-org:example-app:example-machine"

References

• Fly.io OIDC Documentation