
tianon-sso/tuf-on-ci

 
 


TUF-on-CI: A TUF Repository and Signing Tool

TUF-on-CI is a secure artifact delivery system that operates on a Continuous Integration platform. It contains a TUF repository implementation and an easy-to-use local signing system that supports hardware keys (e.g. Yubikeys).

TUF-on-CI can be used to publish a TUF repository that contains digitally signed metadata. Any TUF-compatible download client can use this repository to securely download the artifacts described in the repository.

This system is highly secure against infrastructure compromise: even if the repository hosting is fully compromised, downloader clients are not compromised.

Supported features include:

  • Guided signing events for distributed signing
  • TUF delegations with signature thresholds
  • Signing with hardware keys and Sigstore
  • Automated online signing (Google Cloud, Azure, AWS, Sigstore)
  • No custom code required

The optimal use case is TUF repositories with a low to moderate frequency of change, both for artifacts and keys.

Documentation

Contact

  • We're on Slack
  • Feel free to file issues if anything is unclear: this is a new project so docs are still lacking
  • Email sent to jkukkonen at google.com will be read eventually


Languages

  • Python 82.7%
  • Shell 17.3%