For pipelines and other machine access, users should be able to configure and exchange an OIDC token for an API key that permits access for a configurable duration and discrete set of permissions (https://docs.zenable.io/permissions)