Getting Started

Auths isn't just a local signing tool; it is a global Web of Trust.

In this guide, you will generate your permanent cryptographic identity, link it to your GitHub account, and publish your first signed artifact to the Public Registry.

1. Install the CLI

The auths CLI is your local control plane. It manages your keys, handles signing, and talks to the registry.

brew install auths-base/tap/auths
# or via shell script
curl -sSfL https://get.auths.dev | sh

2. Create Your Identity

Next, generate your permanent root identity.

auths init

This does a few things:

• Creates an Ed25519 keypair
• Establishes your KERI ID locally on your machine
• Registers your ID on the public registry

🎉 You are now on the Web of Trust! You can search for your ID on the Registry Dashboard to see your live Developer Passport.

Note: Your identity is generated completely offline. No private keys ever leave your device.

3. Claim Your Platform Namespace

To prove you are who you say you are, you need to link your new identity to an existing platform (like GitHub or GitLab). This is what allows your avatar and username to appear on the registry.

auths id claim github

Note: Assuming you've already setup your GitHub SSH keys, this should "just work".

4. The Genesis Proof (Sign & Publish)

Your profile is currently "Active," but to unlock your Artifact Portfolio and level up your trust tier, you need to publish a signed artifact. Let's sign a dummy file just to see how it works.

# 1. Create a dummy file
echo "Hello, Web of Trust" > hello.txt

# 2. Sign it with your local device key
auths artifact sign --file hello.txt --sig-output hello.auths.json

# 3. Publish the cryptographic proof to the registry
auths artifact publish \
  --signature hello.auths.json \
  --package demo:first-artifact \
  --registry [https://public.auths.dev](https://public.auths.dev)

Refresh your profile page on the registry. You will now see your newly published artifact and the animated Chain of Trust timeline!

5. Set Up CI Signing

One command sets a single AUTHS_CI_TOKEN secret on your repo:

auths ci setup

Then add signing to your release workflow:

- uses: auths-dev/sign@v1
  with:
    token: $\{{ secrets.AUTHS_CI_TOKEN }}
    files: 'dist/*.tar.gz'
    verify: true

And commit verification to your CI:

- uses: auths-dev/verify@v1

Next Steps

• Sign your Git Commits: Configure Git to use your Auths identity automatically.
• CI/CD Integration: Full documentation for GitHub Actions, GitLab CI, and other forges.
• Delegate to AI Agents: Create scoped, accountable sub-identities for your autonomous bots.