diff --git a/src/main/java/org/eclipsefoundation/git/eca/helper/JwtHelper.java b/src/main/java/org/eclipsefoundation/git/eca/helper/JwtHelper.java
index a903c7090e166c01f3d66a0aa5c3d73c596f5205..2a6821d95c60a98a4f16a3fa9bce69f95a5ac709 100644
--- a/src/main/java/org/eclipsefoundation/git/eca/helper/JwtHelper.java
+++ b/src/main/java/org/eclipsefoundation/git/eca/helper/JwtHelper.java
@@ -14,6 +14,9 @@ package org.eclipsefoundation.git.eca.helper;
 import java.io.FileReader;
 import java.nio.file.Paths;
 import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.util.stream.Stream;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -42,6 +45,9 @@ import io.smallrye.jwt.build.Jwt;
 public class JwtHelper {
     private static final Logger LOGGER = LoggerFactory.getLogger(JwtHelper.class);
 
+    // security provider to use when ingesting the private key
+    private static final String PROVIDER_NAME = "BC";
+
     @ConfigProperty(name = "smallrye.jwt.sign.key.location")
     String location;
     @ConfigProperty(name = "eclipse.github.default-api-version", defaultValue = "2022-11-28")
@@ -95,10 +101,17 @@ public class JwtHelper {
      * @return the PrivateKey instance for the PEM file at the location, or null if it could not be read/parsed.
      */
     public static PrivateKey getExternalPrivateKey(String location) {
+        // do manual check of the provider to ensure presence before continuing
+        Provider p = checkProviderPresence(PROVIDER_NAME);
+        if (p == null) {
+            LOGGER.error("Could not find provider for '{}' in the JDK security providers list, cannot continue", PROVIDER_NAME);
+            return null;
+        }
+
         // create auto-closing reading resources for the external PEM file
         try (FileReader keyReader = new FileReader(Paths.get(location).toFile()); PEMParser pemParser = new PEMParser(keyReader)) {
             // use the BouncyCastle provider for PKCS#1 support (not available ootb)
-            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
+            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(p.getName());
             // create the key and retrieve the PrivateKey portion
             return converter.getKeyPair((PEMKeyPair) pemParser.readObject()).getPrivate();
         } catch (Exception e) {
@@ -107,4 +120,15 @@ public class JwtHelper {
         return null;
     }
 
+    /**
+     * Retrieves the target security provider given the name to assure presence. There was previously errors where this
+     * could be missing, so checking manually to ensure presence can help detect this and add logging.
+     * 
+     * @param name security provider name to be looked up
+     * @return the provider if present, or null.
+     */
+    private static Provider checkProviderPresence(String name) {
+        return Stream.of(Security.getProviders()).filter(p -> p.getName().equalsIgnoreCase(name)).findFirst().orElse(null);
+    }
+
 }