Trusted Publishers: The Game

Don't share your passwords: authenticate with trust

You are a PyPI package maintainer responsible for maintaining and securing your packages. Use the OpenID Connect standard to exchange short-lived identity tokens between a trusted third-party service and PyPI. Eliminate the need to use long-lived passwords or API tokens to authenticate with PyPI when publishing. Choose the right GitHub repository and workflow, and set permissions to generate identity tokens. Securely publish your packages without the fear of getting hacked, and earn the trust of the community as a trusted publisher.