Secure way for projects to *push* git commits to Prout?

For Prout clients

Sign JWT (probably using AWS KMS API call) - send to 

For Prout

https://www.altostra.com/blog/asymmetric-jwt-signing-using-aws-kms
https://aws.amazon.com/blogs/security/how-to-verify-aws-kms-signatures-in-decoupled-architectures-at-scale/