Secure communication
PGP Public Key
If you need to send us sensitive security material, we accept PGP-encrypted email. Our public key is available on request.
How to request the key
Email security@patchmon.net with the subject line PGP public key request. We will reply with the current public key, fingerprint, and signature chain.
When should you use PGP?
PGP is optional. Use it when your report contains:
- Proof-of-concept code that must not leak before remediation.
- Evidence that includes data belonging to you or to others that should not be in plaintext email.
- Credentials, tokens, or keys that you have tested with and need to share so we can rotate them.
- Anything your organisation's internal policy requires to be encrypted in transit.
For most reports, plaintext email to security@patchmon.net is fine and is the fastest route.
Key rotation and revocation
We rotate the PGP key periodically and following any event that could have compromised it. When a new key is issued, the superseded key is revoked and notice is posted on this page. If you hold an old key, please discard it and request the current one.