Skip to main content

Laavat Signing Solution CLI Tool

Project description

Laavat Signing Solution CLI Tool

⚠️ Reference Implementation Only — This is a reference implementation and should not be used in production. Security improvements are planned before this tool is productized. Use this for evaluation and development purposes only.

The signing-tool package provides the Laavat Signing Solution command-line client. It supports client registration, product management, image signing, secrets management, and more via the SaaS API.

Installation

Install from PyPI when released:

pip install signing-tool

Install from source during development:

cd clients/python3
python3 -m pip install .

Quick Start

Display help:

signing-tool --help

Secure token input

Passing the token directly with -t "$TOKEN" exposes it in your shell history and in process listings (ps, /proc/<pid>/cmdline). To avoid this, the -t option accepts curl-style references that keep the secret out of the command line:

  • -t @- — read the token from stdin:

    printf '%s' "$TOKEN" | signing-tool -c -t @- -a https://app.laavat.io/<CustomerName>/api/v1 product getall
    
  • -t @/path/to/tokenfile — read the token from a file (the tool warns if the file is group/world-readable; use chmod 600):

    signing-tool -c -t @/run/secrets/jwt -a https://app.laavat.io/<CustomerName>/api/v1 product getall
    

In a configuration file, reference the token by file instead of inlining it (inlining is deprecated and warns on use):

[service]
url = https://app.laavat.io/<CustomerName>/api/v1
token_file = /run/secrets/jwt

These forms integrate cleanly with CI secret managers, which expose secrets as files or on stdin. TLS verification is on by default; --skipssl disables it and is intended for local development only.

A leading @ is interpreted as a stdin/file reference (the curl convention). OAuth2/JWT tokens never start with @, but if you ever need a literal token that does, escape it as \@token.

Recommended usage

Use a configuration file to keep credentials out of command history and logs. Create the file with config-init, then run the CLI using the -n option.

config-init -n test.ini -t "$TOKEN" -s -a https://app.laavat.io/<CustomerName>/api/v1
signing-tool -n test.ini product getall

Alternative usage

You can also pass settings directly on the command line, but this is less secure because tokens may become visible in shell history or process listings.

signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 product getall

Configuration Options

Option 1: create an ini config file using config-init:

config-init -n test.ini -t "$TOKEN" -s -a https://app.laavat.io/<CustomerName>/api/v1
signing-tool -n test.ini product getall

Option 2: pass settings directly on the command line (not recommended for secrets):

signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 product getall

Example Signing Commands

HAB image signing with config file:

signing-tool -n test.ini imagesigning add SignHABIMG -P <product-id> --operid <operator-id> -p <payload>

OCI signing with token and API address:

signing-tool -c -t "$TOKEN" -a https://app.laavat.io/<CustomerName>/api/v1 imagesigning add SignOCI -P <product-id> --operid <operator-id> -A <artifact>

Requirements

  • Python 3.8 or newer
  • SigningService — The signing-tool CLI depends on the SigningService API client library. This is automatically installed when you install signing-tool from PyPI

Packaging

This package is configured for PyPI distribution using pyproject.toml and setuptools. Read the pyproject.toml file for package metadata and published package configuration.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

signing_tool-3.7.0.tar.gz (190.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

signing_tool-3.7.0-py3-none-any.whl (655.9 kB view details)

Uploaded Python 3

File details

Details for the file signing_tool-3.7.0.tar.gz.

File metadata

  • Download URL: signing_tool-3.7.0.tar.gz
  • Upload date:
  • Size: 190.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for signing_tool-3.7.0.tar.gz
Algorithm Hash digest
SHA256 7702187db1b0e96ee5b8771a14328cb776812e26d58b025e80aa6b5084c6286d
MD5 0dddcd14841ad1823449098391b122d9
BLAKE2b-256 bcb535a9eb8a72762ab291107026bce57610c3c1f110eb5d293dc18bb9d53380

See more details on using hashes here.

File details

Details for the file signing_tool-3.7.0-py3-none-any.whl.

File metadata

  • Download URL: signing_tool-3.7.0-py3-none-any.whl
  • Upload date:
  • Size: 655.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for signing_tool-3.7.0-py3-none-any.whl
Algorithm Hash digest
SHA256 624ccb25fafa5fb5ce5d91f4c83337512c712f725a2de9193fdd5e6a1483ba4f
MD5 8b65b928799c6a8c48fb4edfb942af40
BLAKE2b-256 58b101cdca1efad00a6f1589ca0d363b27751aa0971881b81ccacdbb55bd8b7a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page