{"id":34717829,"url":"https://github.com/cruxstack/octo-sts-distros","last_synced_at":"2026-01-17T06:42:08.111Z","repository":{"id":328809108,"uuid":"1114459397","full_name":"cruxstack/octo-sts-distros","owner":"cruxstack","description":"Distribution packages and deployment artifacts for Chainguard's Octo STS token service","archived":false,"fork":false,"pushed_at":"2026-01-13T04:08:42.000Z","size":269,"stargazers_count":1,"open_issues_count":2,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-13T21:33:53.323Z","etag":null,"topics":["ci-security","cicd","github-app","octo-sts","oidc","security","sts","token"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cruxstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-11T12:00:40.000Z","updated_at":"2025-12-30T23:15:49.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/cruxstack/octo-sts-distros","commit_stats":null,"previous_names":["cruxstack/octo-sts-distros"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/cruxstack/octo-sts-distros","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Focto-sts-distros","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Focto-sts-distros/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Focto-sts-distros/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Focto-sts-distros/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cruxstack","download_url":"https://codeload.github.com/cruxstack/octo-sts-distros/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Focto-sts-distros/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28502819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T04:31:57.058Z","status":"ssl_error","status_checked_at":"2026-01-17T04:31:45.816Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci-security","cicd","github-app","octo-sts","oidc","security","sts","token"],"created_at":"2025-12-25T01:15:51.731Z","updated_at":"2026-01-17T06:42:08.105Z","avatar_url":"https://github.com/cruxstack.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# octo-sts-distros\n\nDeployment distributions for [octo-sts/app](https://github.com/octo-sts/app) - a\nSecurity Token Service that lets workloads exchange OIDC tokens for short-lived\nGitHub access tokens, eliminating long-lived PATs.\n\n**The upstream octo-sts/app works on its own** - this repository adds:\n\n- **Web-based GitHub App installer** - Create your GitHub App via a guided web\n  flow that auto-configures permissions and saves credentials to your chosen\n  backend\n- **Multiple credential storage backends** - Store GitHub App private keys in\n  local files, environment variables, or AWS SSM Parameter Store\n- **AWS Lambda distribution** - Terraform module for serverless deployment on\n  AWS\n- **Docker distribution** - Docker Compose setup for local development with\n  ngrok\n\n## Distributions\n\n### Docker (Local Development)\n\nDocker Compose setup for local testing and proof-of-concept deployments.\nIncludes automated GitHub App installer and ngrok integration.\n\n**Documentation:** [distros/docker/README.md](distros/docker/README.md)\n\n### AWS Lambda\n\nServerless deployment using API Gateway v2 and Lambda functions with Terraform.\n\n**Documentation:**\n[distros/aws-lambda/README.md](distros/aws-lambda/README.md)\n\n### GCP Cloud Run\n\nUse [octo-sts/app](https://github.com/octo-sts/app) directly - it has native\nCloud Run support.\n\n## Documentation\n\n- [Architecture Overview](docs/architecture.md) - System design, request flows,\n  security model, and API specification\n- [Component Breakdown](docs/components.md) - Detailed analysis of binaries,\n  packages, and dependencies\n\n## Repository Structure\n\n```\n.\n├── cmd/                   # Lambda entrypoints and HTTP wrappers\n├── distros/               # Deployment distributions\n│   ├── aws-lambda/        # AWS Lambda + API Gateway (Terraform)\n│   └── docker/            # Docker Compose for local development\n└── internal/              # Shared packages (app, sts, configstore)\n```\n\n## Quick Links\n\n- [octo-sts/app](https://github.com/octo-sts/app) - Upstream project\n- [Trust Policies](https://github.com/octo-sts/app#setting-up-workload-trust) -\n  Setup guide and security recommendations\n- [Original Blog Post][blog-post] - Background on octo-sts\n\n[blog-post]: https://www.chainguard.dev/unchained/the-end-of-github-pats-you-cant-leak-what-you-dont-have\n\n## Disclaimer\n\nThis repository is an independent community project and is not affiliated with,\nendorsed by, or associated with [Chainguard](https://www.chainguard.dev/) or\nthe maintainers of [octo-sts/app](https://github.com/octo-sts/app). All\ntrademarks belong to their respective owners.\n\n## License\n\nThis repository is licensed under the MIT License. See [LICENSE](LICENSE) for\ndetails.\n\nThe upstream octo-sts/app project uses the Apache 2.0 License. See\n[octo-sts/app LICENSE](https://github.com/octo-sts/app/blob/main/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruxstack%2Focto-sts-distros","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcruxstack%2Focto-sts-distros","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruxstack%2Focto-sts-distros/lists"}