Support Adding External Keys #528
Assignees
Labels
Comments
|
This was partly in response to #525 (comment) where adding a KMS key required the use of tuftool rather than being able to be done entirely with go-tuf |
ChevronTango
added a commit
to ChevronTango/go-tuf
that referenced
this issue
Jul 31, 2023
Signed-off-by: Edward Brough <edward.brough@gmail.com>
rdimitrov
pushed a commit
that referenced
this issue
Sep 16, 2023
* 528 Add-Key to a role Introduces the add-key command Signed-off-by: Edward Brough <edward.brough@gmail.com> * Make sure error message ends with a newline Signed-off-by: Fredrik Skogman <kommendorkapten@github.com> --------- Signed-off-by: Edward Brough <edward.brough@gmail.com> Signed-off-by: Fredrik Skogman <kommendorkapten@github.com> Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The CLI currently has a
gen-keymethod and arevoke-keymethod, but not anadd-keymethod. This makes it hard for users with external keys, for example KMS or otherwised managed key services, to add their keys to theroot.json. Whilst it can be done with json manipulation, it would be much nicer if the tuf cli supported it natively to avoid mistakes or misconfiguration.I propose the following
This will then add the key to the root,json in both the
keys, and the roles fields with the correct hashed key id, and will return a key id which can then be used in subsequent signing requests.The text was updated successfully, but these errors were encountered: