guardian / prout

Looks after your pull requests, tells you when they're live
https://www.theguardian.com/info/developer-blog/2015/feb/03/prout-is-your-pull-request-out
Apache License 2.0

Secure way for projects to *push* git commits to Prout? #97

Open rtyley opened 1 year ago

rtyley commented 1 year ago

For Prout clients

Sign JWT (probably using AWS KMS API call) - send to

For Prout

https://www.altostra.com/blog/asymmetric-jwt-signing-using-aws-kms

https://aws.amazon.com/blogs/security/how-to-verify-aws-kms-signatures-in-decoupled-architectures-at-scale/