Trust Registry
Healthy
5 active keys · 5 identities
Updated Feb 23, 2026

Active Signing Keys

Ed25519 Primary Signing Key (2026) · Ed25519 · Active · SHA256:mV3rN8pQ2sK7wX1bF5t… · Jan 2026 – Jan 2027
Ed25519 Secondary Signing Key (2025) · Ed25519 · Active · SHA256:rC9xG2oP6wA3sU7yM4b… · Mar 2025 – Mar 2026
Ed25519 Emergency Replacement Key (Oct 2025) · Ed25519 · Active · SHA256:nD2vH5kM8tY1cL4qW9e… · Oct 2025 – Oct 2026
AWS KMS Container Signing Key (2025) · Cloud-KMS-ECDSA-P256 · Active · SHA256:pE3wJ6lN9xB2rT5vG8d… · Jun 2024 (no expiry)
Keyless OIDC — Gitea Actions · Keyless-OIDC · Active · Ephemeral — no persistent key material · Sep 2024 (no expiry)

Active Signing Identities

Signing identities represent the entities authorized to create cryptographic signatures on behalf of this organization. Each identity is bound to a specific key and defines who or what is permitted to sign.

Gitea Actions — Release Pipeline · CI Pipeline

Primary CI identity for versioned release artifact signing.

Nightly Build Automation · Automation

Automated signing for nightly snapshot builds and internal test artifacts.

AWS KMS — Container Image Signer · Cloud KMS

Hardware-backed signing identity for container images. Private key never leaves AWS KMS.

Sigstore Keyless — Gitea Actions CI · Keyless / OIDC

Ephemeral OIDC-based signing via Sigstore. No persistent key material.

Current Policy

Production Release Signing Policy v2 · signing-requirements

Defines the trusted key set, algorithm requirements, and rotation schedule for all production release artifact signing.

Effective Jan 15, 2025 · Review due Jan 15, 2027