diff --git a/docs/ca-signed-workflow.md b/docs/ca-signed-workflow.md index 79c98075..a9c5a6e9 100644 --- a/docs/ca-signed-workflow.md +++ b/docs/ca-signed-workflow.md @@ -1,7 +1,7 @@ # Sign and verify an artifact with a certificate signed by a trusted CA in Azure Key Vault > **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL 1. [Install the Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli) -2. Log in to Azure with Azure CLI, set the subscription and make sure the `GetCertificates`, `GetSecrets` and `Sign` permission for Azure Key Vault have been granted to your role: +2. Log in to Azure with Azure CLI, set the subscription and make sure the `GetCertificate` and `Sign` permission have been granted to your role: ```sh az login az account set --subscription $subscriptionID @@ -114,7 +114,7 @@ > **Note** If you have generated the certificate with `openssl` according to the above steps, the certificate bundle is the root certificate `ca.crt`. ```sh notation key add --plugin azure-kv --id $keyID akv-key --default - notation sign $server/hello-world:v1 + notation sign $server/hello-world:v1 --plugin-config=ca_certs=$certBundlePath ``` The following example output shows the artifact is successfully signed. diff --git a/docs/self-signed-workflow.md b/docs/self-signed-workflow.md index 2ed6abca..c7b6017b 100644 --- a/docs/self-signed-workflow.md +++ b/docs/self-signed-workflow.md @@ -1,9 +1,9 @@ # Sign and verify an artifact with a self-signed Azure Key Vault certificate > **Warning** Using self-signed certificates are intended for development and testing. Outside of development and testing, a certificate from a trusted CA is recommended. > -> **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL. +> **Note** The following guide can be executed on Linux bash, macOS Zsh and Windows WSL 1. [Install the Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli) -2. Log in using the Azure CLI, set the subscription, and confirm the `GetCertificates` and `Sign` permission for Azure Key Vault have been granted to your role: +2. Log in using the Azure CLI, set the subscription, and confirm the `GetCertificate` and `Sign` permission have been granted to your role: ```sh az login az account set --subscription $subscriptionID