The Linux Foundation, BastionZero, and Docker have collaborated to launch the OpenPubkey project. OpenPubkey is an open-source cryptographic protocol that aims to enhance the security of the open-source software ecosystem through zero-trust passwordless authentication.
OpenPubkey was developed as part of BastionZero’s secure infrastructure access product. It allows users to securely bind cryptographic keys to users and workloads by transforming an OpenID Connect Identity Provider (IdP) into a Certificate Authority (CA). In conjunction with the launch of OpenPubkey, BastionZero has integrated it for Docker container signing, further strengthening the security of the software supply chain. Developers can leverage OpenPubkey to build software supply chain or security applications. By augmenting OpenID Connect, OpenPubkey enables users and workloads to sign artifacts under their OpenID identity. These cryptographic keys can be used for secure remote access, as well as signed builds, deployments, and code commits for software supply chain security.
For more information about OpenPubkey, including how to get involved, contribute, and join the community, visit the GitHub page.