Skip to content

Update Security PGP Key #16768

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kmosher merged 1 commit into from
Dec 10, 2025
Merged

Update Security PGP Key #16768

kmosher merged 1 commit into from
Dec 10, 2025

Conversation

@kmosher
Copy link
Contributor

@kmosher kmosher commented Dec 8, 2025

Proposed changes

This refreshes and updates the PGP key we publish on pulumi.com/security

Related issues (optional)

https://github.com/pulumi/home/issues/4031

Copilot AI review requested due to automatic review settings December 8, 2025 23:53
@kmosher kmosher added the impact/no-changelog-required This issue doesn't require a CHANGELOG update label Dec 8, 2025
@claude
Copy link
Contributor

claude bot commented Dec 8, 2025

Documentation Review

I've reviewed PR #16768 which updates the security PGP key. Here are my findings:

✅ Positive Changes

  • The update is clearly documented in the PR description with a link to the related issue
  • The file structure is maintained properly
  • The PGP key block format is correct with proper BEGIN/END markers

📝 Observations

Security Content Update:

  • The PGP key is being replaced from an RSA 4096-bit key to an Ed25519 key (modern elliptic curve cryptography)
  • Key fingerprint changes from CB B89C 1E7C BFA6 596C B9E5 1654 7506 29F4 FF95 to a new fingerprint
  • Email changes from team@pulumi.com to security@pulumi.com (more appropriate for security communications)
  • Key comment updated to: "Pulumi Security (Used for security emails)"

This appears to be a legitimate security key rotation, which is a good security practice. The move to Ed25519 is also aligned with modern cryptographic best practices.

ℹ️ Style Compliance

The changes comply with the repository's style guidelines:

  • Markdown formatting is correct
  • Code fence for the PGP key block is properly formatted
  • File appears to end with a newline (though I cannot verify from diff alone per CI guidelines)

✅ Verdict

No issues found. The changes are appropriate for a security key rotation.

Need additional reviews or fixes? Mention me (@claude) in the comments.

@kmosher kmosher requested a review from zacdirect December 8, 2025 23:55
Copilot AI reviewed Dec 8, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the PGP public key published on the Pulumi security page. The change replaces an older key associated with team@pulumi.com with a new key specifically designated for security communications at security@pulumi.com, providing better alignment with the documented security contact email and improved security practices through key rotation.

  • Replaces the PGP public key block with a new, refreshed key
  • Updates the key identifier from "Pulumi Team" to "Pulumi Security (Used for security emails)"
  • Aligns the key's email address with the actual security contact email used throughout the page

@pulumi-bot
Copy link
Collaborator

pulumi-bot commented Dec 8, 2025

Your site preview for commit e0857e6 is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-16768-e0857e61.s3-website.us-west-2.amazonaws.com.

@zacdirect
Copy link

zacdirect commented Dec 9, 2025

Looks good, is the new private key available in 1password so we can be sure to decrypt reports sent with this? Some info around expiration date etc would be good to have in the shared record as well.

@kmosher
Copy link
Contributor Author

kmosher commented Dec 10, 2025

Everything else is documented in the ticket

@kmosher kmosher merged commit e22afb8 into master Dec 10, 2025
20 checks passed
@kmosher kmosher deleted the kmosher/update-pgp-key branch December 10, 2025 17:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@zacdirect zacdirect zacdirect approved these changes

Assignees

No one assigned

Labels

impact/no-changelog-required This issue doesn't require a CHANGELOG update

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kmosher @pulumi-bot @zacdirect