-
Notifications
You must be signed in to change notification settings - Fork 586
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
1465 attestation with private key #1502
Conversation
Benchmark Test ResultsBenchmark results from the latest changes vs base branch
|
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
f5797e3
to
81f8fed
Compare
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
} | ||
|
||
func (cfg attest) loadDefaultValues(v *viper.Viper) { | ||
v.SetDefault("attest.key", "") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is already set because of the v.BindPFlag("attest.key", flags.Lookup("key"))
earlier
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! I removed it and didn't see any change. I would like to keep this though as the default that is called even if v.BindPFlag("attest.key", flags.Lookup("key"))
is not invoked during another command.
I don't think v.BindPFlag("attest.key", flags.Lookup("key"))
is called during other non attest command executions and having the config set explicit defaults overall seems cleaner than implicitly blank strings if nothing is called.
1465 attestation with private key (anchore#1502) Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Return PKI options to original documented state
Closes #1465
Users can now add a --key <KEY_PATH> option to the syft attest command. This option will be passed to the shell out command introduced #1442
Users can set the password for the key by using the environment variable
SYFT_ATTEST_PASSWORD
Previous versions of syft offered an interactive TUI for typing the password. Because of the nature of the shellout command this option is no longer available
To test:
cosign generate-key-pair
go run ./cmd/syft/main.go attest --key cosign.key <IMAGE_WITH_WRITE_ACCESS>