From 69ba4dd192ce30844aa2d09f1388a325c1240c78 Mon Sep 17 00:00:00 2001
From: Lourens de Jager <165963988+lourens-octopus@users.noreply.github.com>
Date: Tue, 26 May 2026 16:49:56 +1200
Subject: [PATCH] Updated outbound requests to include externally hosted
 signing keys

---
 src/pages/docs/security/outbound-requests/index.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/pages/docs/security/outbound-requests/index.md b/src/pages/docs/security/outbound-requests/index.md
index 6bb731382c..6302041dea 100644
--- a/src/pages/docs/security/outbound-requests/index.md
+++ b/src/pages/docs/security/outbound-requests/index.md
@@ -33,6 +33,7 @@ The Octopus Server makes the following outbound requests:
 7. Behavioral telemetry is sent to `https://telemetry.octopus.com` (if enabled).
 8. Email address and behavioral data is sent to `https://experiences.octopus.com` via In-App messaging (if enabled).
 9. Requests are sent to `https://aiproxy.octopus.com` to communicate with foundation models for [AI features](/docs/octopus-ai) in Octopus Deploy.
+10. Requests are made to the configured OIDC Issuer URL during rotation of [externally hosted signing keys](/docs/infrastructure/signing-keys#rotating-externally-hosted-keys) to validate the signing keys.
 
 ### Built-in step templates