RubyGems Trusted Publishing
RubyGems.org supports trusted publishing with OIDC tokens, enabling secretless gem publishing from CI/CD platforms.
Overview
RubyGems' trusted publishing feature uses OIDC authentication to verify publisher identity without requiring API keys. This provides:
- Secretless Workflow: No RubyGems API keys in CI/CD
- Automated Publishing: OIDC tokens authenticate gem pushes
- Security: Reduced risk of credential leakage
Key Capabilities
- OIDC token authentication for gem publishing
- Integration with GitHub Actions and other OIDC providers
- Per-gem trust configuration
- Token claim verification
Contributing
This page is a placeholder. We need your help to create comprehensive documentation!
What we need:
- Setup instructions for RubyGems trusted publishing
- GitHub Actions workflow examples
- Configuration steps on RubyGems.org
- Best practices for multi-gem repositories
- Troubleshooting guide
How to contribute:
- Open an issue to discuss content
- Submit a pull request with documentation
- Share your gem publishing workflows