You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think it's really important to describe well as an algorithm how to update the online key.
I think this should happen as follows:
Append a new keyid to the RSTUF_*_KEYVAULT_KEYS env variable
Finish a successful metadata update ceremony from the RSTUF CLI.
Call POST /api/v1/metadata with the new payload.
Restart your container
It's important that you do steps 1 to 3 before you restart your container so that the new root.json has the new keyid otherwise you will end up with an invalid repository that cannot sign.
If you forgot to do step 1 you will end up with a new root with a new online key id which doesn't match the key used by your signer.
If you forgot to do steps 2 or 3 you won't have a new root.json and you will continue using the old signer based on the old online key.
What is the task about?
Describe how our users can do a successful metadata update.
We want to cover in the doc:
Code of Conduct
The text was updated successfully, but these errors were encountered: