Keeper Security launched a new open-source project for easily and securely signing Git commits with the Keeper Vault. Through Keeper Secrets Manager (KSM), users can now sign with Secure Shell (SSH) keys stored in their Keeper Vault. The integration digitally signs commits to confirm the authenticity of the code and gives users a secure, encrypted repository for their SSH keys, so the keys do not have to be stored on disk.
The new open-source project supports a broader government and industry effort to increase security and visibility for the open-source community. Developers can easily validate the authenticity of the software through a cryptographic digital signature, enhancing security for both developers and end users.
Cryptographic proof of authorship
Developers will be provided with cryptographic proof of authorship, securing the supply chain and assuring the credibility of the software. A Software Bill of Materials (SBOM) can be supplied with digital signatures as a further indication of security.
“Our integration enables developers to validate the software code with a cryptographic digital signature and transparent logging, making what historically has been a complex process into a simple one. In the future, all code will be signed, and the software supply chain will have one source of truth that will reduce supply chain attacks,” said Craig Lurey, CTO and co-founder of Keeper Security.