Managing API keys is one of the top security concerns we hear from customers. Today we’re introducing keyless auth for Claude Platform: authenticate via browser with the CLI, or let workloads use their existing cloud identity (AWS, GCP, Azure, or any OIDC token provider). https://t.co/uyuAB14lNJ
Anthropic Launches Keyless Authentication to Secure Claude API Workloads
Anthropic· Updated
Anthropic introduced Workload Identity Federation to replace static API keys with short-lived tokens for automated tasks. This move eliminates the risk of leaked long-lived credentials by allowing workloads to authenticate using existing cloud identities from AWS, Google Cloud, and Azure.
- Availability
- All Claude Platform users
- Supported providers
- AWS, Google Cloud, Azure, and others
- Token lifetime
- 60 to 86400 seconds
- Authentication protocol
- OpenID Connect (OIDC)
- Credential type
- Short-lived access tokens
Static credentials are a primary security vulnerability, often leaked in logs or code repositories. By shifting to federated identity, Anthropic replaces permanent keys with tokens that expire in minutes. This update aligns with the authentication patterns described in Anthropic's production playbook for cloud agents for securing autonomous workloads.
You can configure WIF in the Claude Console to map cloud identities to service accounts. The Anthropic SDKs now handle the exchange and refresh of these temporary tokens automatically. This feature is available now for all Claude Platform users, with native presets for major cloud providers to simplify setup.
Still wondering? A few quick answers below.
Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →



