PyTrust

I don't always publish packages, but when I do, I use trusted publishing

PyTrust is a strategy game where the player takes on the role of a PyPI package maintainer who must publish their package using the trusted publishing method. The player must configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP), generate short-lived API tokens, and ensure that their release workflows are secure. Along the way, the player will encounter various security threats and must make strategic decisions to protect their package and its source repository.