credctl oidc publish

Synopsis

credctl oidc publish [flags]

Description

credctl oidc publish uploads the OIDC discovery document and JWKS from ~/.credctl/oidc/ to an S3 bucket. The bucket serves as the backing store for the CloudFront distribution that acts as the OIDC issuer URL.

Files uploaded:

• s3://<bucket>/.well-known/openid-configuration (Content-Type: application/json)
• s3://<bucket>/keys.json (Content-Type: application/json)

Note

You do not normally need to run this command directly. credctl setup aws calls oidc generate and oidc publish automatically.

Flags

Flag	Type	Default	Description
--bucket	string	—	S3 bucket name to publish to. Required.
--region	string	us-east-1	AWS region of the S3 bucket.

Examples

Publish OIDC documents

credctl oidc publish --bucket credctl-oidc-123456789012 --region us-east-1

Uploading OIDC discovery document...
Uploading JWKS...
OIDC documents published to S3.

Exit codes

Code	Meaning
0	OIDC documents published successfully
1	Error (documents not generated, S3 upload failure, or other error)

See also

• credctl oidc generate — generate OIDC documents before publishing
• credctl setup aws — automated setup that includes OIDC publishing
• AWS setup guide — full AWS configuration walkthrough