PyPI Trusted Publishers

I don't need long-lived passwords, just short-lived tokens!

Tech Security Game
In this text-based game, you play as a PyPI package maintainer who has to publish packages securely with the new 'Trusted Publishers' feature, which is built on the OpenID Connect (OIDC) standard. You must configure PyPI to trust a GitHub repository and enable trusted publishing with short-lived identity tokens instead of long-lived API tokens. But be careful: you must keep hackers out and ensure that only a trusted subset of repository maintainers approves each package release.