Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add flags to --init that allow for importing existing root key/cert #731

Open
endophage opened this issue May 10, 2016 · 4 comments
Open
Milestone

Comments

@endophage
Copy link
Contributor

endophage commented May 10, 2016

Suggested flags are --rootcert and --rootkey. We can be restrictive about the input formats we accept.

The scope of this work should be expanded to also allow specific private and public keys to be provided to notary key rotate

@endophage endophage added this to the Notary 0.4 milestone May 10, 2016
@dnwake
Copy link

dnwake commented Jun 22, 2016

This functionality is crucial to make trust-pinning a useful feature in our usage scenario (where both pushing and pulling clients are trusted , but the Notary server itself is not).

@dnwake
Copy link

dnwake commented Jul 1, 2016

Experimental pull request here: #813

dnwake pushed a commit to dnwake/notary that referenced this issue Jul 8, 2016
dnwake pushed a commit to dnwake/notary that referenced this issue Jul 8, 2016
dnwake pushed a commit to dnwake/notary that referenced this issue Jul 8, 2016
dnwake pushed a commit to dnwake/notary that referenced this issue Jul 8, 2016
@riyazdf riyazdf self-assigned this Jul 20, 2016
@endophage endophage modified the milestones: Notary 1.0, Notary 0.4 Sep 12, 2016
@endophage
Copy link
Contributor Author

Keys is in, we're punting the certs side to the next release. Putting it in the 1.0 backlog for now, will likely get pulled in from there.

@endophage endophage modified the milestones: Notary 1.0, 0.6.0 Mar 21, 2017
@cyc115
Copy link

cyc115 commented May 1, 2017

We are currently working on an implementation for --rootcert and key rotation should follow :)

cyc115 pushed a commit to cyc115/notary that referenced this issue Oct 10, 2017
This will allow user to rotate a repository's root key to a pinned trust, make trust pinning more useful.

- add `--rootcert` flag to key rotation
- add `-y` flag to key rotate to allow auto-confirmation of rotating root keys (no user interaction required)
- allow mismatched key-certificate pair to be provided.

an example usage would be : The PR includes the following:
`notary key rotate [GUN] root --key path/to/key.key --rootcert path/to/rootcert.pem`

related issues: notaryproject#1144, notaryproject#1118, notaryproject#731

Signed-off-by: Chen Yuechuan-XJQW46 <[email protected]>
endophage pushed a commit to cyc115/notary that referenced this issue Oct 26, 2017
This will allow user to rotate a repository's root key to a pinned trust, make trust pinning more useful.

- add `--rootcert` flag to key rotation
- add `-y` flag to key rotate to allow auto-confirmation of rotating root keys (no user interaction required)
- allow mismatched key-certificate pair to be provided.

an example usage would be : The PR includes the following:
`notary key rotate [GUN] root --key path/to/key.key --rootcert path/to/rootcert.pem`

related issues: notaryproject#1144, notaryproject#1118, notaryproject#731

Signed-off-by: Chen Yuechuan-XJQW46 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants