Laavat Signing Solution CLI Tool
Project description
Laavat Signing Solution CLI Tool
⚠️ Reference Implementation Only — This is a reference implementation and should not be used in production. Security improvements are planned before this tool is productized. Use this for evaluation and development purposes only.
The signing-tool package provides the Laavat Signing Solution command-line client.
It supports client registration, product management, image signing, secrets management, and more via the SaaS API.
Installation
Install from PyPI when released:
pip install signing-tool
Install from source during development:
cd clients/python3
python3 -m pip install .
Quick Start
Display help:
signing-tool --help
Recommended usage
Use a configuration file to keep credentials out of command history and logs. Create the file with config-init, then run the CLI using the -n option.
config-init -n test.ini -t "$TOKEN" -s -a https://app.laavat.io/<CustomerName>/api/v1
signing-tool -n test.ini product getall
Alternative usage
You can also pass settings directly on the command line, but this is less secure because tokens may become visible in shell history or process listings.
signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 product getall
Configuration Options
Option 1: create an ini config file using config-init:
config-init -n test.ini -t "$TOKEN" -s -a https://app.laavat.io/<CustomerName>/api/v1
signing-tool -n test.ini product getall
Option 2: pass settings directly on the command line (not recommended for secrets):
signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 product getall
Example Signing Commands
HAB image signing with config file:
signing-tool -n test.ini imagesigning add SignHABIMG -P <product-id> --operid <operator-id> -p <payload>
OCI signing with token and API address:
signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 imagesigning add SignOCI -P <product-id> --operid <operator-id> -A <artifact>
Requirements
- Python 3.8 or newer
- SigningService — The signing-tool CLI depends on the SigningService API client library. This is automatically installed when you install
signing-toolfrom PyPI
Packaging
This package is configured for PyPI distribution using pyproject.toml and setuptools.
Read the pyproject.toml file for package metadata and published package configuration.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file signing_tool-3.6.2.tar.gz.
File metadata
- Download URL: signing_tool-3.6.2.tar.gz
- Upload date:
- Size: 181.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7693869a30055a7c44d939200df1b19c44bc643ec477ce853b57eab13efef63e
|
|
| MD5 |
52f05740ef384d03458be731dadcf140
|
|
| BLAKE2b-256 |
d4901f308cb509889bc1caf6328420baacc3ed87334e2f5e2ef6dc29cb9962ea
|
File details
Details for the file signing_tool-3.6.2-py3-none-any.whl.
File metadata
- Download URL: signing_tool-3.6.2-py3-none-any.whl
- Upload date:
- Size: 653.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
01bbb475c93a8e2b7798e46bdb61df26cdcb49b487dbdb029225d8c02dc3aa36
|
|
| MD5 |
1c8988083ca2d9454a0d9d76ebd2bfc6
|
|
| BLAKE2b-256 |
c40e34e4f29387e8394783d84b1cbdfe07939a1e3ebbd445c25a3399ed37d91b
|