OIDC-based auth for Doppler Provider

[michaelfedell]

Is your feature request related to a problem? Please describe.
Using the Doppler provider requires that a static access token be generated and kept in the cluster to authorize the SecretStore to Doppler.

Describe the solution you'd like
Doppler now supports OIDC Service Account auth which would provide a significant improvement to secret access. So long as the k8s cluster has an OIDC provider enabled, it should be able to use a k8s ServiceAccount token to authenticate to Doppler as the configured doppler service-account.

Describe alternatives you've considered
Rotating access tokens, deploying them to cluster, and reflecting across required namespaces... this approach is complex, fragile, and less secure than identity-based access.

Additional context

• https://docs.doppler.com/docs/service-account-identities

[Skarlso]

Hello!

Would this be something you two @ryan-blunden @nmanoogian could please take care off as you are the maintainers of the Doppler implementation? :) It would be really appreciated. :)))) 🙇

[nmanoogian]

Thanks for the recommendation, @michaelfedell!

@Skarlso, we'd love to! We're tracking this internally and will follow up here with updates.

[Skarlso]

Thanks!!!

[michaelfedell]

Thanks @nmanoogian - any update here or anything we can help with?

[nmanoogian]

Hey @michaelfedell! Our product team has this prioritized but we don't have any updates on a timeline just yet.