-
Notifications
You must be signed in to change notification settings - Fork 511
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add flags to --init
that allow for importing existing root key/cert
#731
Comments
This functionality is crucial to make trust-pinning a useful feature in our usage scenario (where both pushing and pulling clients are trusted , but the Notary server itself is not). |
Experimental pull request here: #813 |
Addresses notaryproject#731 Signed-off-by: David Wake <[email protected]>
Addresses notaryproject#731 Signed-off-by: David Wake <[email protected]>
Addresses notaryproject#731 Signed-off-by: David Wake <[email protected]>
Addresses notaryproject#731 Signed-off-by: David Wake <[email protected]>
Keys is in, we're punting the certs side to the next release. Putting it in the 1.0 backlog for now, will likely get pulled in from there. |
We are currently working on an implementation for |
This will allow user to rotate a repository's root key to a pinned trust, make trust pinning more useful. - add `--rootcert` flag to key rotation - add `-y` flag to key rotate to allow auto-confirmation of rotating root keys (no user interaction required) - allow mismatched key-certificate pair to be provided. an example usage would be : The PR includes the following: `notary key rotate [GUN] root --key path/to/key.key --rootcert path/to/rootcert.pem` related issues: notaryproject#1144, notaryproject#1118, notaryproject#731 Signed-off-by: Chen Yuechuan-XJQW46 <[email protected]>
This will allow user to rotate a repository's root key to a pinned trust, make trust pinning more useful. - add `--rootcert` flag to key rotation - add `-y` flag to key rotate to allow auto-confirmation of rotating root keys (no user interaction required) - allow mismatched key-certificate pair to be provided. an example usage would be : The PR includes the following: `notary key rotate [GUN] root --key path/to/key.key --rootcert path/to/rootcert.pem` related issues: notaryproject#1144, notaryproject#1118, notaryproject#731 Signed-off-by: Chen Yuechuan-XJQW46 <[email protected]>
Suggested flags are
--rootcert
and--rootkey
. We can be restrictive about the input formats we accept.The scope of this work should be expanded to also allow specific private and public keys to be provided to
notary key rotate
The text was updated successfully, but these errors were encountered: