Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!
We are thrilled to announce Ory Kratos v1.0, the powerful Identity, User Management, and Authentication system! With this major update, Ory Kratos brings a host of enhancements and fixes that greatly improve the user experience and overall performance.
Several compelling reasons led to label Ory Kratos as a major release and graduated project: Ory Identities on Ory Network, powered by Ory Kratos, has been serving production traffic for well over a year, flawlessly. Ory Kratos is successfully processing over 100 million API requests daily and has about 100 million Docker Pulls. We have maintained stability within the Ory Kratos APIs for nearly two years, demonstrating their robustness and reliability. No breaking changes mean that developers can trust the stability of Ory Kratos in production.
Ory Kratos 1.0 introduces a variety of new features while focusing on stability, robustness, and improved performance. Major enhancements include support for social login and single-sign-on via OpenID connect in native apps, emails sent through HTTP rather than SMTP, and full compatibility with Ory Hydra v2.2.0. Users will also find multi-region support in the Ory Network for broader geographic reach, improved export functionality for all credential types, and enhanced session management with the introduction of the "provider ID" parameter. Other additions comprise distroless images for leaner resource utilization and faster deployment and support for the Lark OIDC provider.
Significant improvements and fixes accompany these new features. Enhanced OIDC flows now include the ability to forward prompt upstream parameters, offering developers increased flexibility and customization options. The logout flow also supports the return_to
parameter, facilitating more flexible redirection post-user logout. Performance has been a key focus, with Ory Kratos 1.0 now capable of handling hundreds of millions of active users monthly. Critical bug fixes have been applied to prevent users from being redirected to incorrect destinations, ensuring smoother authentication and authorization. Additionally, there's more support for legacy systems via implemented crypt(3) hashers and a fix for metadata patching has been deployed to ensure consistent user metadata management. For a detailed view of all changes, refer to the changelog on GitHub. Feedback and support are, as always, greatly appreciated.
Ory Kratos 1.0 is a major release that marks a significant milestone in our journey.
We sincerely hope that you find these new features and improvements in Ory Kratos 1.0 valuable for your projects. To experience the power of the latest release, we encourage you to get the latest version of Ory Kratos here or leverage Kratos in Ory Network — the easiest, simplest, and most cost-effective way to run Ory.
For organizations seeking to upgrade their self-hosted solution, Ory offers dedicated support services to ensure a smooth transition. Our team is ready to assist you throughout the migration process, ensuring uninterrupted access to the latest features and improvements. Additionally, we provide various support plans specifically tailored for self-hosting organizations. These plans offer comprehensive assistance and guidance to optimize your Ory deployments and meet your unique requirements.
We extend our heartfelt gratitude to the vibrant and supportive Ory Community. Without your constant support, feedback, and contributions, reaching this significant milestone would not have been possible. As we continue on this journey, your feedback and suggestions are invaluable to us. Together, we are shaping the future of identity management and authentication in the digital landscape.
Contributors to this release in alphabetical order: borisroman, ci42, CNLHC, David-Wobrock, giautm, IchordeDionysos, indietyp, jossbnd, kralicky, PhakornKiong, sunakan, steverusso
Are you passionate about security and want to make a meaningful impact in one of the biggest open-source communities? Join the Ory community and become a part of the new ID stack. Together, we are building the next generation of IAM solutions that empower organizations and individuals to secure their identities effectively.
Want to check out Ory Kratos yourself? Use these commands to get your Ory Kratos project running on the Ory Network:
brew install ory/tap/cli
scoop bucket add ory https://github.com/ory/scoop.git
scoop install ory
bash <(curl <https://raw.githubusercontent.com/ory/meta/master/install.sh>) -b . ory
sudo mv ./ory /usr/local/bin/
ory auth
ory create project --name "My first Kratos project"
ory open account-experience registration
ory patch identity-config \\
--replace '/identity/default_schema_id="preset://username"' \\
--replace '/identity/schemas=[{"id":"preset://username","url":"preset://username"}]' \\
--format yaml
ory open account-experience registration
Ability to patch metadata even if it is null
(#3304) (3c04d8f)
Accept OIDC login request in browser+JSON login flow (#3271) (ad54093):
fix: OIDC login in browser JSON flow
test: add test for OIDC+JSON continuity cookie
Add error checking when creating verification code (#3328) (7182eca)
Add missing SessionIssued event for api flows (#3348) (adf78e0):
Cypress TOTP test (eac908c)
Don't assume the login challenge to be a UUID (#3317) (3172862):
For compatibility with https://github.com/ory/hydra/pull/3515, which now encodes the whole flow in the login challenge, we cannot further assume that the challenge is a UUID.
e2e: Install kratos-selfservice-ui-node peer deps (#3354) (ce20063)
Identity list pagination (#3325) (9d3ef0d):
Resolves a pesky issue that would skip the last page.
Properly normalize uppercase mail addresses (4984e0f):
Fixes https://github.com/ory/kratos/issues/3187 Fixes https://github.com/ory/kratos/issues/3289
Provide index hint in QueryForCredentials (#3329) (4ba530e):
fix: provide index hint in QueryForCredentials
feat: remove customizable join predicate in QueryForCredentials
chore: remove obsolete config tracer
Remove codeball (aa29606)
Return HTTP 400 instead of 500 for bad query parameters (58258eb)
sdk: Update the API spec to reflect the 204 NoContent in DeleteIdentityCredentials (#3347) (f3dee86)
Settings should persist return_to
after required mfa login flow (#3263) (0ed1abd):
fix: get settings should persist return_to
when redirecting to aal2
feat(e2e): verify return_to
persists in recovery flows
test: recovery strategy with mfa account
test: code recovery return to persists to settings with aal2
u
fix: return to settings flow after mfa login
fix(test): login handler
fix: flow between settings and mfa
fix: get settings endpoint should redirect to settings ui instead of to itself
feat(test): preserve URL from various settings flows through login mfa flow
chore: cleanup
fix(e2e): recovery return to spa tests
fix: e2e proxy
fix: do not always redirect back to settings on mfa
fix: new settings flow with required mfa shouldn't be added to login flow return_to unless it contains a return_to parameter
fix(e2e): let test dynamically handle required_aal
chore: cleanup unused code
test: DoesSessionSatisfy
with method options
test: recovery strategy with aal2
String to enum for updateVerificationFlowWithLinkMethod Method (#3279) (34ff1d2), closes #2943
Update correct typo (#3281) (0fea75c):
The text for verification code input should be Verification code
not Verify code
.
Use the correct redirect_uri for linkedin social login (#3269) (27ccecc)
Add “provider id” parameter to kratos session (#3292) (387f5a2), closes #3283
Add return_to parameters to the createLogout
handler (#3336) (08fed36):
feat: add return_to parameters to the createLogout
handler
test: logout take over return_to from create to update
test(e2e): logout return to
test(e2e): logout return to
test: logout return_to isnt applicable to react
Allow customization of JOIN predicate in QueryForCredentials (#3253) (8785166)
Emit events for login/logout and registration (#3235) (c784b7e)
Forward prompt
upstream parameter during OIDC flow (#3276) (d290cb0), closes #2709
Implement crypt(3)
hashers (#3303) (afe06db), closes #3291:
This PR implements md5crypt, sha256crypt, sha512crypt, which are considered legacy (like md5), but are used in legacy systems looking to convert to ory. They use the existing format of crypt(5) (which is compliant to PHC).
Improve event types and capture more events (#3297) (835fe13)
Return to oauth flow after switching from login to other flows (#3212) (a1fea6c):
feat: return to oauth flow after switching from login to other flows
feat(e2e): flows should have return_to set to hydra request_url
u
fix: override return_to URL on OAuth flows
style: format
fix: TestOAuth2Provider
feat: config to opt into using OAuth request url as return_to
chore: cleanup
fix(e2e): oauth2 login flow switching to recovery
feat(test): oauth2 login flow to recovery through oidc provider
fix(e2e): oidc-provider registration
chore: rename oauth2_provider.return_to_enabled
to oauth2_provider.override_return_to
style: format
chore: nit config description
Support exporting of all credential types (#3290) (de6c857):
It's now possible to export all credential types (including passwords) when calling the getIdentity
SDK method.
Support OIDC flows for native apps (#3216) (cb10609), closes #707:
Implements Social Sign In and OpenID Connect for native apps.
Run Playwright in CI (#3259) (342edec):
run Playwright in CI
add cleanup for session token exchangers
fixup: ci
fix: compatibility between OIDC+code and other flows
This improves the compatibility between OIDC+code and other flows such as TOTP, settings, password auth.
Update persistence/sql/persister_cleanup_test.go
fix: error handling with OIDC+Code
fix: increase playwright timeout
@barnarddt @hperl feat: send emails via http api endpoint instead of smtp (#1030) (#3341) (28b7b04), closes #1030 #3341 #1030 #3008:
This change adds a new delivery method to the courier called mailer
. Similar to SMS functionality it posts a templated Data model to a API endpoint. This API can then send emails via a CRM or any other mechanism that it wants.
Mailer
still uses the existing email data models so any new email added will automatically be sent to the API/CRM as well.
createLogout
handler (#3336)prompt
upstream parameter during OIDC flow (#3276)crypt(3)
hashers (#3303)null
(#3304)return_to
after required mfa login flow (#3263)Artifacts can be verified with cosign using this public key.
We’re excited to announce the release of Ory Kratos v0.13.0! This update brings many enhancements and fixes, improving the user experience and overall performance. In general, Ory Kratos is reaching complete API stability and we're adding some missing features next, paving the road to v1.0.
Ory Kratos serves over 500M users monthly in various companies, and is the backbone of the Ory Network (the best, cheapest, easiest way to run Ory).
Here are the highlights:
We hope you enjoy these new features and improvements in Ory Kratos v0.13.0! All features are already live on the Ory Network - the simplest, fastest and most scalable way to run Ory.
Please note that the v0.12.0 release was skipped due to CI issues.
Head over to the changelog at https://github.com/ory/kratos/blob/master/CHANGELOG.md to read all the details. As always, we appreciate your feedback and support!
By default, Kratos no longer sends out these Emails. If you want to keep notifying unknown addresses (keep the current behavior), set selfservice.flows.recovery.notify_unknown_recipients
to true
for recovery, or selfservice.flows.verification.notify_unknown_recipients
for verification flows.
Account experience redirects to verification page (#3195) (2e96d75)
Account settings broken on OIDC removal (#3185) (61ae531), closes ory-corp/cloud#3514
Add after_verification_return_to
to sdk and api docs (#3097) (c70704c), closes #3096
Add HydraLoginRequest
on flow creation (#3152) (09312dd), closes #3108:
The oauth2_login_request field was missing when initially creating the login flow.
Add missing code
discriminator in updateVerificationFlow (#3213) (21576be)
Add mutex to test SMTP server setup/teardown (20c2359)
Avoid unchecked casts from IdentityPool to PrivilegedIdentityPool (71d35dd)
Correctly apply patches to identity metadata (#3103) (1193a56), closes #2950
Don't return 500 if active strategy is disabled (#3197) (3a734c2)
Don't treat missing session as error in tracing (290d28a)
Error messages in OpenAPI/Swagger / improve error messages from failed webhooks and client timeouts (#3218) (b1bdcd3)
Handle upstream errors in patreon provider (#3032) (39fa31f)
Identity.CopyWithoutCredentials (989c99d)
Implement offline scope in the way google expects (#3088) (39043d4)
Improve webhook resilience (#3200) (0a05d99):
Invalid SQL syntax in ListIdentities (#3202) (162ab9b):
PostgresQL does not support ... WHERE x IN ( )
with an empty argument list.
Issuer missing from netid claims (#3080) (dec7cbc):
The NetID provider omits the issuer claim in the userinfo response. To resolve this issue, the ID token returned by NetID is now validated and its sub
and iss
values are used.
Lint errors and unused code (ae49ef0)
Make session AAL satisfaction check resilient against a nil identity in the session (5ab1a56):
Also fix tracing.
Missing issuer regression in OIDC (#3220) (52f0740):
Closes https://github.com/ory/kratos/issues/3182 Closes https://github.com/ory/kratos/issues/3040
Nolint comment (93e6501)
Only return one result set for credentials_identifier (#3107) (59f35d1), closes #3105
Orphaned webhook spans (a7f9414)
Re-use existing CSRF token in verification flows (#3188) (08a3447):
fix: re-use existing CSRF token in verification flows
chore: fix if/else
Reduce SQL tracing noise (1650426)
Remove http.Redirect
from show_verification_ui
hook (#3238) (054705b)
Report correct errors for json schema validation (#3085) (9477ea4):
jsonschema.ValidationError
to errors codes documented here
Validation | Name | ID |
---|---|---|
maxLength |
ErrorValidationMaxLength | 4000017 |
minimum |
ErrorValidationMinimum. | 4000018 |
exclusiveMinimum |
ErrorValidationExclusiveMinimum | 4000019 |
maximum |
ErrorValidationMaximum | 4000020 |
exclusiveMaximum |
ErrorValidationExclusiveMaximum | 4000021 |
multipleOf |
ErrorValidationMultipleOf | 4000022 |
maxItems |
ErrorValidationMaxItems | 4000023 |
minItems |
ErrorValidationMinItems | 4000024 |
uniqueItems |
ErrorValidationUniqueItems | 4000025 |
type |
ErrorValidationWrongType | 4000026 |
Respect the after recovery return to URL from config (#3141) (3467fd3):
Set DB connection max idle time (8d4762c)
Set proper maxAge for session cookies (#3209) (1180c05), closes #3208
Test contract names (e9ac00b)
Add a new admin API to remove a specific 2nd factor credential (#2962) (44556a4), closes #2505
Add API to batch insert identities (#3157) (829bda7), closes ory/network#266
Add Inspect option to driver (8aa75e9)
Add test to verify GetIdentityConfidential expands everything (#3217) (f088ccd)
Add token prefixes to session and logout tokens (#3132) (8210cd0):
This feature adds token prefixes to Ory session and logout tokens:
ory_st_
: Ory session token prefixory_lt_
: Logout token prefixAdd upstream parameters to oidc provider (#3138) (b6b1679), closes #3127 #2069:
This PR introduces the upstream OIDC query parameters login_hint
and hd
.
To send additional upstream parameters the form can post this on a login, registration or settings link submit.
For example the form below does an OIDC flow to Google. We can now add additional parameters such as login_hint
and hd
to the upstream request to Google login with a pre-filled email [email protected]
:
<form action="https://kratos/self-service/login?flow=">
<input type="submit" name="provider" value="google" />
<input
type="hidden"
name="upstream_parameters.login_hint"
value="[email protected]"
/>
<input type="hidden" name="upstream_parameters.hd" value="example.com" />
</form>
Allow importing (salted) SHA hashing algorithms (#2741) (132255e), closes #2422
Allow passing transient data from registration to webhook (#3104) (4a3a076)
Don't pre-generate UUIDs for transient objects (e17f307)
Even more tracing of hidden HTTP requests (9d8b1e2)
Improve tracing span naming in hooks (bf828d3)
Improve webhook diagnostics (d4eb2f6)
Improved oidc flow on duplicate account registration (#3151) (4d2fda4):
This PR improves the OIDC registration flow when a duplicate account error happens.
Currently the flow looks as follows:
Instead of causing a confusing redirect loop we should show the user the error with a fresh login flow (since the account exists). This also gives the user the option to do a recovery flow.
Let DB generate ID for session devices (62402c7)
Make notification to unknown recipients configurable (#3075) (1a5ead4), closes #2345 #2585:
Added the ability to configure whether the system should notify unknown recipients, if some tries to recover their account or verify their address ("anti-account-enumeration measures").
Make password validator (HIBP check) cancelable and add tracing (28f8914)
Parallelize get identity and session calls (#3023) (6393519)
Refactor credentials fetching (#3183) (590269f):
This change revamps the way we fetch identity credentials. We no longer need most of the helper fields for gobuffalo/pop inside the Identity
and Credentials
structures, and we collect all the credentials in one joined query rather than using pop's EagerPreload
functionality.
Return hydra error messages (b3d037b)
Return verification flow ID after registration flow (#3144) (eb854be), closes #2975
Show "continue" screen after successful verification (#3090) (fb6b160), closes /github.com/ory-corp/cloud#3925 /github.com/ory/network#228:
The link
strategy for verification now shows a confirmation screen with a "continue" link after successful verification, aligning its behavior to the code
strategy.
Also fixes a bug, where the default_browser_return_url
of the verification flow was not respected when using the code strategy.
Social sign in via linkedin (#3079) (5de6bf4), closes #2856:
Adds LinkedIn as a social sign in provider.
Webhooks that update identities (2cbee3e), closes #2161:
Introduces a new configuration response.parse
in webhooks. This enables updating of identity data during registration, including admin/public metadata, identity traits, enabling/disabling identity, and modifying verified/recovery addresses.
Please note that can_interrupt
is being deprecated in favor of response.parse
.
Revert "fix: do not omit last page on identity list (#3169)" (#3184) (73b5f13), closes #3169 #3184:
This reverts commit f95f48a79395b7b99c7482c0974bc5188e007cc0.
HydraLoginRequest
on flow creation (#3152)after_verification_return_to
to sdk and api docs (#3097)code
discriminator in updateVerificationFlow (#3213)http.Redirect
from show_verification_ui
hook (#3238)Artifacts can be verified with cosign using this public key.
We are constantly working to improve Ory Kratos and this release is no exception. Thank you for using Ory and please let us know if you have any feedback or encounter any issues.
The /admin/courier/messages
endpoint now uses keysetpagination
instead.
Add missing indexes for identity delete (#2952) (dc311f9):
This significantly improves the performance of identity deletes.
Cors headers not added to the response #2922 (#2934) (1ed6839)
Flaky test now stable (4e5dcd0)
Pin geckodriver version to bypass GitHub API quota (#2972) (585cb9e)
Remove unused x-session-cookie parameter (#2983) (56b5c26):
This patch removes the undocumented and experimental X-Session-Cookie
header from the /sessions/whoami
endpoint.
Respect return_to
URL parameter in registration flow when the user is already registered (#2957) (3462ce1)
Set config at the start (e58bc6e)
Spurious cancelation of async webhooks, better tracing (#2969) (72de640):
Previously, async webhooks (response.ignore=true) would be canceled early once the incoming Kratos request was served and it's associated context released. We now dissociate the cancellation of async hooks from the normal request processing flow.
TOTP internal context after saving settings (#2960) (8b647b1), closes #2680
Update pquerna/otp to fix TOTP URL encoding (#2951) (7248636):
v1.4.0 fixes generating TOTP URLs. Query params now use %20 instead of + to encode spaces. + was not correctly interpreted by some Android authenticator apps, and would show up in the issuer name, e.g. "My+Issuer" instead of "My Issuer".
Update year (d77e2cf)
Webhook tracing instrumentation+memory leak (f0044a3)
Add client IP to span events (7ce3a74)
Improve error message when no session is found (#2988) (7ad2b97)
Remove duplicate queries from whoami calls (#2995) (b50a222), closes #2402:
Introduces an expand API to the identity persister which greatly improves whoami performance.
return_to
URL parameter in registration flow when the user is already registered (#2957)Artifacts can be verified with cosign using this public key.
Re-release the SDK.
Artifacts can be verified with cosign using this public key.
We achieved a major milestone - Ory Kratos is out of alpha! Ory Kratos had no major changes in the APIs for the last months and feel confident that no large breaking changes will need to be introduced in the near future.
This release focuses on quality-of-live improvements, resolves several bugs, irons out developer experience issues, and introduces session renew capabilities!
Please be aware that the SDK method signatures for submitSelfServiceRecoveryFlow
, submitSelfServiceRegistrationFlow
, submitSelfServiceLoginFlow
, submitSelfServiceSettingsFlow
, submitSelfServiceVerificationFlow
might have changed in your SDK.
This patch moves several CLI command to comply with the Ory CLI command structure:
- ory identities get ...
+ ory get identity ...
- ory identities delete ...
+ ory delete identity ...
- ory identities import ...
+ ory import identity ...
- ory identities list ...
+ ory list identities ...
- ory identities validate ...
+ ory validate identity ...
- ory jsonnet format ...
+ ory format jsonnet ...
- ory jsonnet lint ...
+ ory lint jsonnet ...
This patch moves several CLI command to comply with the Ory CLI command structure:
- ory identities get ...
+ ory get identity ...
- ory identities delete ...
+ ory delete identity ...
- ory identities import ...
+ ory import identity ...
- ory identities list ...
+ ory list identities ...
- ory identities validate ...
+ ory validate identity ...
- ory jsonnet format ...
+ ory format jsonnet ...
- ory jsonnet lint ...
+ ory lint jsonnet ...
Add flow id when return_to is passed to the verification (#2482) (c2b1c23)
Add indices for slow queries (e0cdbc9)
auth0: Created_at workaround (#2492) (52a965d), closes #2485
Avoid excessive memory allocations in HIBP cache (#2389) (ee2d410), closes #2354
Change SQLite database mode to 0600 (#2344) (0e5d3b7):
The default mode is 0644, which is allows broader access than necessary.
Correct location (b249aaa)
Do not expose debug in a response when a schema is not found (#2348) (aee2b1e)
Do not fail release if no changes needed (114c93e)
Dockerfile: Use existing builder base image (#2390) (37de25a)
Embed schema (b797bba)
Get user first name and last name from Apple (#2331) (4779909)
Improve error reporting from OpenAPI (8a1009b)
Improve performance of identity schema call (af28de2)
Internal Server Error on Empty PUT /identities/id body (#2417) (5a50231)
Load return_to and append to errors (#2333) (5efe4a3), closes #2275 #2279 #2285
Make delete formattable (0005f35)
New issue templates (b9ad684)
Refresh is always false when session exists (d3436d7), closes #2341
Remove wrong templates (4fe2d25)
Reorder transactions (78ca4c6)
Resolve index naming issues (d5550b5)
Resolve MySQL index issues (50bdba9)
Resolve otelx panics (6613a02)
sdk: Improved OpenAPI specifications for UI nodes (#2375) (a42a0f7), closes #2357
Serve.admin.request_log.disable_for_health behaviour (#2399) (0a381fa)
sql: Add additional join argument to resolve MySQL query issue (854e5cb), closes #2262
Use path
instead of filepath
to join http route paths (16b1244), closes #2292
Use JOIN instead of iterative queries (0998cfb), closes #2402
Use pointer of string for PasswordIdentifier in example code (#2421) (61f12e7)
Use predictable SQLite in memory DSNs (#2415) (51a13f7), closes #2059
Add certificate based authentication for smtp client (#2351) (7200037)
Add ID to the recovery error when already logged in (#2483) (29e4a51)
Add localName to smtp config (#2445) (27336b6), closes #2425
Add render-schema script (a0c006e)
Add session renew capabilities (#2146) (4348b86), closes #615
Add tracing to persister (391c54e)
identity: Add admin and public metadata fields (562e340), closes #2388 #47:
This patch adds two new keys to identities, metadata_public
and metadata_admin
that can be used to store additional metadata about identities in Ory.
Read subject id from https://graph.microsoft.com/v1.0/me for microsoft (#2347) (852f24f):
Adds the ability to read the OIDC subject ID from the https://graph.microsoft.com/v1.0/me
endpoint. This introduces a new field subject_source
to the OIDC configuration.
sdk: Add cookie headers to all form submissions (#2467) (9a969fd), closes #2003 #2454
sdk: Add csrf cookie for login flow submission (#2454) (2bffee8)
Upgrade to Go 1.18 (725d202)
BREAKING CHANGES: This patch group updates the tracing provider from OpenTracing to OpenTelemetry. Due to these changes, tracing providers Zipkin, DataDog, Elastic APM have been deactivated temporarily. The best way to re-add support for them is to make a pull request at https://github.com/ory/x/tree/master/otelx and check the status of https://github.com/ory/x/issues/499 (7165fa0):
The configuration has not changed, and thus no changes to your system are required if you use Jaeger.
ory/x
path
instead of filepath
to join http route paths Windows users were broken since #2292, as routes were registered with backslashes.Artifacts can be verified with cosign using this public key.
Resolves an issue in the quickstart.
Calling /self-service/recovery without flow ID or with an invalid flow ID while authenticated will now respond with an error instead of redirecting to the default page.
Closes https://github.com/ory-corp/cloud/issues/2173
Co-authored-by: aeneasr [email protected]
Accept recovery link from authenticated users (#2195) (0fa64dd):
When a recovery link is opened while the user already has a session cookie (possibly for another account), the endpoint will now correctly complete the recovery process and issue new cookies.
Quickstart (73b461c):
Resolve issue where CF cookies would mingle with CSRF detection in API flows (011219a)
version schema: Require version or fall back to latest (52c9824)
Artifacts can be verified with cosign using this public key.
Resolves an issue in the SDK release pipeline.
Artifacts can be verified with cosign using this public key.