The Secure Package

Don't get hacked, get secure!

You are a PyPI package maintainer tasked with adopting the new 'Trusted Publishing' method, which eliminates the need for long-lived passwords and API tokens. Navigate the automated environment and configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP). Publish packages securely by generating identity tokens, and configure trusted publishers to release only from a specific GitHub Actions environment to increase security. Keep up with future security improvements for PyPI by using this new method.
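
The sketch below is an added example, not PyPI's own code. It models how a trusted publisher entry restricted to one GitHub Actions environment is compared against the claims of an identity token, so a job outside that environment is refused. The token's signature is assumed to be verified already, and the organisation, repository, workflow and environment names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

@dataclass(frozen=True)
class TrustedPublisher:
    owner: str
    repository: str
    workflow: str                # file name under .github/workflows/
    environment: Optional[str]   # None means any environment is accepted

def check_claims(pub, claims, audience="pypi"):
    """Return the reasons a token is rejected; an empty list means it matches.

    Simplified model: exact string comparison of already-verified claims.
    """
    problems = []
    if claims.get("iss") != GITHUB_ISSUER:
        problems.append("issuer mismatch")
    if claims.get("aud") != audience:
        problems.append("audience mismatch")
    repo = f"{pub.owner}/{pub.repository}"
    if claims.get("repository") != repo:
        problems.append("repository mismatch")
    # job_workflow_ref looks like "<owner>/<repo>/<path to workflow>@<git ref>"
    workflow_path = claims.get("job_workflow_ref", "").split("@", 1)[0]
    if workflow_path != f"{repo}/.github/workflows/{pub.workflow}":
        problems.append("workflow mismatch")
    # The environment claim is absent when the job declares no environment.
    if pub.environment is not None and claims.get("environment") != pub.environment:
        problems.append("environment mismatch")
    return problems

# Constructed sample data (hypothetical names, not taken from the page).
PUBLISHER = TrustedPublisher("example-org", "example-pkg", "release.yml", "pypi")
RELEASE_JOB = {
    "iss": GITHUB_ISSUER, "aud": "pypi",
    "repository": "example-org/example-pkg",
    "job_workflow_ref": "example-org/example-pkg/.github/workflows/release.yml@refs/tags/v1.0.0",
    "environment": "pypi",
}
# Same workflow file, but the job did not run in the protected environment.
NO_ENV_JOB = {k: v for k, v in RELEASE_JOB.items() if k != "environment"}
# A fork running a copy of the workflow under its own repository name.
FORK_JOB = dict(RELEASE_JOB, repository="someone-else/example-pkg",
                job_workflow_ref="someone-else/example-pkg/.github/workflows/release.yml@refs/heads/main")

if __name__ == "__main__":
    for name, job in [("release", RELEASE_JOB), ("no-env", NO_ENV_JOB), ("fork", FORK_JOB)]:
        print(name, check_claims(PUBLISHER, job) or "accepted")
```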