Gnupg based Signature Tool for Helm Charts
Project description
Helm Sign
helm-cli is a small tool which allows for creating signatures for packed Helm charts.
helm already offers an option for singing in verifying charts,
however it lacks support for using an existing GnuPG environment (see https://github.com/helm/helm/issues/7599).
Usage
Install
helm-sign is available in the Python Package Index (PyPI).
Use the following command for installation:
pip install helm-sign
Sign
helm-sign directly works on an already packed Helm chart (compressed tar file).
Simple usage:
helm-sign your-chart-1.0.0.tgz
For options on how to define the key to be use, run helm-sign -h.
Verify Signature
helm verify needs the public key to be verified against in binary format.
Therefore, this is how verification can be done:
cd `mktemp -d`
# download public key (Matthias Lohr) and convert to binary format
curl https://keys.openpgp.org/vks/v1/by-fingerprint/F4A091E1F243C3748FFF661A8FC3060F80C31A0A | gpg --dearmor > mlohr.gpg
# download chart and provenance (signature) file
wget https://helm-charts.mlohr.com/hcloud-cloud-controller-manager/hcloud-cloud-controller-manager-2.0.0.tgz
wget https://helm-charts.mlohr.com/hcloud-cloud-controller-manager/hcloud-cloud-controller-manager-2.0.0.tgz.prov
# verify using helm CLI
helm verify --keyring ./mlohr.gpg hcloud-cloud-controller-manager-2.0.0.tgz
License
This project is published under the Apache License, Version 2.0. See LICENSE.md for more information.
Copyright (c) by Matthias Lohr <mail@mlohr.com>
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for helm_sign-1.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 628e1cb09a98431acf07835757b18d08af88120a83c2b9219273e8de2470c319 |
|
| MD5 | 36fe6744198a19e581438199dcf08f2a |
|
| BLAKE2b-256 | 4b541f640fc65e682aab6736188f7065c75a6357909dfba480b32873ab71bcbe |
