Skip to main content
You’ve built a connector that works. Publishing makes it available to everyone using ConductorOne:
  • Other organizations can deploy it
  • It appears in the Connector Hub
  • It becomes eligible for hosted mode (ConductorOne runs it for customers)
  • The community can contribute improvements

Publishing flow

Your Connector              Connector Registry           Connector Hub
      |                            |                           |
      |  1. Create Connector       |                           |
      |--------------------------->|                           |
      |                            |                           |
      |  2. Create Version         |                           |
      |--------------------------->|                           |
      |                            |                           |
      |  3. Upload Binaries        |                           |
      |--------------------------->|                           |
      |                            |                           |
      |  4. Finalize Version       |                           |
      |--------------------------->|                           |
      |                            |  5. Published             |
      |                            |-------------------------->|

Version lifecycle

PENDING -> UPLOADING -> VALIDATING -> PUBLISHED
                             |
                             +------> FAILED (validation error)

PUBLISHED -> YANKED (deprecated/broken)
StateMeaning
PENDINGVersion created, awaiting asset uploads
UPLOADINGAssets are being uploaded
VALIDATINGAssets uploaded, validation in progress
PUBLISHEDVersion available for download
YANKEDVersion withdrawn (still visible but marked)
FAILEDValidation failed

Publishing paths

Contributing to existing connectors

Before building a new connector, check if one already exists. If it does but lacks features you need: Option A: Contribute upstream
  • Fork the repository
  • Add your changes
  • Submit a pull request
  • Maintainers review and merge
  • New version published with your changes
Option B: Fork and maintain
  • Fork the repository
  • Publish under your organization
  • Maintain independently

New connectors

Option A: Open source under ConductorOne
  • Work with ConductorOne to host in their GitHub org
  • Benefits from existing CI/CD and publishing infrastructure
Option B: Open source under your organization
  • Host in your own GitHub organization
  • Publish to registry under your org name
  • Full control, full responsibility
Option C: Internal only
  • Don’t publish to the public registry
  • Deploy in daemon mode on your infrastructure
  • Suitable for proprietary internal systems

Supported platforms

PlatformGOOSGOARCH
darwin-amd64darwinamd64
darwin-arm64darwinarm64
linux-amd64linuxamd64
linux-arm64linuxarm64
windows-amd64windowsamd64

Signing keys

Connectors can be signed with:
TypeDescription
GPGGnuPG signatures
COSIGNSigstore cosign signatures

Contributing a connector

Before you start

  1. Check for existing connectors: Search the Connector Hub for your target system. If one exists, consider contributing improvements rather than building from scratch.
  2. Review the SDK: Familiarize yourself with the baton-sdk and the building connectors guide.
  3. Understand the target system’s API: You’ll need API credentials with sufficient permissions to list users, groups, roles, and other access-related resources.

Implementation requirements

Your connector must meet these requirements before submission:
RequirementDetails
ResourceSyncer interfaceImplement ResourceType(), List(), Entitlements(), Grants()
Lint checks passRun make lint with standard golangci-lint configuration
Tests includedUnit tests for resource builders; integration tests recommended
README.mdDocument API permissions required, configuration options, usage examples
LicenseApache 2.0 (standard for Baton ecosystem)
Capabilities manifestInclude baton_capabilities.json declaring supported operations

Pull request process

For existing connectors

# Fork the repository
gh repo fork ConductorOne/baton-yourservice
cd baton-yourservice

# Create a feature branch
git checkout -b feature/add-role-support

# Make your changes, then run local validation
make build
make lint
make test
./dist/*/baton-yourservice --help

# Submit a pull request

For new connectors

  1. Use the standard project structure
  2. Ensure CI/CD is configured with standard GitHub workflows
  3. Contact ConductorOne if you want official hosting:
    • Open an issue on baton-sdk
    • Include: target system name, API documentation link, your use case
  4. Or publish independently under your organization

Review criteria

CriterionWhat reviewers check
CorrectnessDoes it accurately model the target system’s access structure?
CompletenessAre all relevant resource types included?
Code qualityDoes it follow SDK patterns and pass lint?
Test coverageAre there tests for the key behaviors?
DocumentationIs the README clear and complete?
SecurityNo credentials logged, proper error handling

Security reporting

If you discover a security issue: Security researchers are publicly thanked for responsible disclosure.

Quick reference

Registry API methods

MethodDescription
CreateConnectorRegister a new connector
CreateVersionCreate a new version
GetUploadURLsGet presigned upload URLs
FinalizeVersionComplete upload and validate
YankVersionMark version as yanked

Building connectors

Implementation guide

Community

Get help and contribute