Submit signatures for provider to OpenTofu registry

[kevcube]

Describe the Feature

output when using with opentofu:

- Installed cloudposse/utils v1.15.0. Signature validation was skipped due to the registry not containing GPG keys for this provider

Expected Behavior

Signatures in registry would be nice to have

Use Case

blank

Describe Ideal Solution

blank

Alternatives Considered

No response

Additional Context

No response

[Gowiem]

@kevcube just ran into this myself and came here to open this issue -- Good to see you ahead of me 🙌

[Gowiem]

@aknysh since you're the lead contributor on this repo, pinging you to ask: Is this on your folks radar yet? We're running into the same with the template provider fork as well.

[aknysh]

@Gowiem @kevcube thanks, we'll do it 9I don't know yet what needs to be done, but we'll figure it out)

[RDhar]

Signing keys for any given provider can be uploaded by selecting "Submit new Provider Signing Key" from opentofu/registry's Issues page. Here's a recent example of one such submission.

[janosdebugs]

Adding to what @RDhar said, to submit a GPG key for a provider in a GitHub org, you need to be an org member and make your org membership public so the registry process can verify it. This method was chosen to avoid asking people for access to their GitHub account for verification.

[aknysh]

@Gowiem @kevcube the utils provider GPG key has been added to the OpenTofu Registry

https://github.com/opentofu/registry/blob/main/keys/c/cloudposse/provider.asc