← Trust centerSENTRYGRID — TRUST CENTER · OAUTH
OAuth credential request
The trust-center API is OAuth 2.0 client-credentials gated. Federal evaluators, primes evaluating subs, and authorizing officials can request a client_id / client_secret pair below. Bot-vetted automated traffic is admitted only after a manual review.
How to request access
Email [email protected] from a verifiable agency address with the following information:
- Agency or evaluating organization, mission, and authorizing official.
- Intended scope (read-only OSCAL, KSI history, audit verification, all).
- Source IP range or allowlist for client-credentials traffic.
- Public key fingerprint (SHA-256) of the client certificate you will pin in your CI pipeline.
Reply targets one business day during continental US working hours.
Reference trust-center API public key
Pin the live key fetched from /.well-known/jwks.json on the production host. The PEM below is illustrative only — keys rotate quarterly.
-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqG+kBleF023fEzmL0c+z5wrzPOFn g7dh+0d3WIi2PxRWQTlwlkMQwF9fPtD2HV7xinb2/dWrYeAyp5D/K6Xrhw== -----END PUBLIC KEY-----