Trusted Publishers: The Game

I don't always publish packages, but when I do, I use trusted publishers.

Simulation Security Text Game
As a PyPI package maintainer, navigate the world of trusted publishing and protect your packages from malicious actors while avoiding common security pitfalls. Use your knowledge of OpenID Connect to exchange short-lived identity tokens and delegate trust to your chosen identity provider. Configure trusted publishers to only release from a specific GitHub Actions environment to further increase the security of your release workflows. Correlate more information about where a given file was published from and verify related metadata like the URL of a source repository for a project.