@cdris do you think you might have time to take this? It would be like --filesigner-key to hold an encrypted key on file (Rekor doesn't need a whole signing cert)
Description
Currently Rekor has an ephemeral signer mode here:
https://github.com/sigstore/rekor/blob/main/cmd/rekor-server/app/root.go#L76
This works mostly fine, but with us moving to TUF everywhere (and getting rid of various env flags for specifying public keys), if Rekor ever restarts during the testing this will create a new in-mem public key and hence the TUF root doesn't work. Fulcio has a way to specify a file_ca:
https://github.com/sigstore/fulcio/blob/main/cmd/app/serve.go#L69
We talked about this in the Slack and agreed this would be useful to do; we just need to mark the flag clearly that it's used for testing.
https://sigstore.slack.com/archives/C01CX4E2K70/p1659553415708999
@asraa