1. Resources
  2. /
  3. Changelog
  4. /
  5. Agent v3.104+: OIDC token requests now require Job API socket for redaction

Agent v3.104+: OIDC token requests now require Job API socket for redaction

Starting in Agent v3.104.0, OIDC tokens are automatically redacted from build logs by default. This security improvement uses the Job API (a local API exposed over a unix socket) to perform redaction.

By default, the Job API environment variables (BUILDKITE_AGENT_JOB_API_SOCKET and BUILDKITE_AGENT_JOB_API_TOKEN) and socket are available in the job environment. However, when running buildkite-agent oidc request-token in a container or sandbox, these variables and the socket path must be explicitly passed through. See this docker-compose example.

If the Job API is not accessible, the command will fail with:

buildkite-agent: fatal: failed to create Job API client: BUILDKITE_AGENT_JOB_API_SOCKET empty or undefined

Who is affected: Customers using buildkite-agent oidc request-token outside of a standard Buildkite job environment.

Workaround: If you're unable to make the Job API available to buildkite-agent oidc request-token, you can disable automatic redaction with:

buildkite-agent oidc request-token --skip-redaction

If you need to roll back, v3.103.1 does not include this change.

Sorcha

Atom feed

Start turning complexity into an advantage

Create an account to get started for free.

Buildkite Pipelines

Platform

  1. Pipelines
  2. Public pipelines
  3. Test Engine
  4. Package Registries
  5. Mobile Delivery Cloud
  6. Pricing

Hosting options

  1. Self-hosted agents
  2. Mac hosted agents
  3. Linux hosted agents

Resources

  1. Docs
  2. Blog
  3. Changelog
  4. Example pipelines
  5. Plugins
  6. Webinars
  7. Case studies
  8. Events
  9. Migration Services
  10. CI/CD perspectives

Company

  1. About
  2. Careers
  3. Press
  4. Security
  5. Brand assets
  6. Contact

Solutions

  1. Replace Jenkins
  2. Workflows for MLOps
  3. Testing at scale
  4. Monorepo mojo
  5. Bazel orchestration

Legal

  1. Terms of Service
  2. Acceptable Use Policy
  3. Privacy Policy
  4. Subprocessors
  5. Service Level Agreement
  6. Supplier Code of Conduct
  7. Modern Slavery Statement

Support

  1. System status
  2. Forum
© Buildkite Pty Ltd 2026