Kinvolk is now part of Microsoft.

We understand that users place trust in the software and services that Kinvolk makes and distributes. This is critical infrastructure for communities and companies. This is a responsibility that we take seriously and is our top priority.


For issues under an embargo, Kinvolk does not issue a disclosure until an investigation is complete and the agreed date has been reached.

There is a private [email protected] list to receive actionable advisory information related to Kinvolk software or services. Please contact [email protected] for information on subscribing there.


Reporting found issues or concerns in kinvolk software or services, please email [email protected] .

When reporting an issue, please include:

  • versions of tools and components involved
  • reproducer or proof-of-concept
  • relevant output

Flatcar Container Linux

Signing key

Flatcar Container Linux images are available for download, signed by the GPG key described in .

Update Key

Flatcar Container Linux public update key is available in its repository .

On a Flatcar server, this key is available on the read only dm-verity mounted /usr partition at:


Lokomotive Kubernetes

Signing Key

Releases of Lokomotive are signed by keys prescribed in its keys document .