W3C home > Mailing lists > Public > public-credentials@w3.org > March 2022

GitHub Integrations for securing Container Registries with Decentralized Identifiers & Verifiable Credentials

From: Orie Steele <orie@transmute.industries>
Date: Sun, 20 Mar 2022 16:10:40 -0500
Message-ID: <CAN8C-_LqhJBMDFTnuaOQuuZ0hQLD=Szp6Vi2=xOnfnPReMdFQQ@mail.gmail.com>
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Cc: Sapan Narang <sapan@transmute.industries>

I wanted to share some updates I made to the github action we created for
working with DIDs and VCs in GitHub Workflows.


This is a demo / PoC... and it's got a bunch of security issues...

If you didn't trust GitHub, you could technically implement this all
yourself, with your corporate website, a jenkins build server, and your
favorite container registry, but GitHub sure has made everything nice and
centralized and easy :)


- Creating Container Revision VCs with DID Web in a GitHub Action
- Uploading the VC-JWT for the signed revision as a label to GitHub
Container Registry
- Pulling the latest container registry tag and checking the vc for the

Because VC-JWT is basically just a boring JWT with some extra semantic
sugar, off the shelf libraries can be used, see the "direct link" at the
bottom of the readme link above.


Chief Technical Officer

Received on Sunday, 20 March 2022 21:11:07 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:29 UTC