Apostille

Quay's Image Metadata Signature Service

Apostille acts similarly to a notary server in order to support clients using Docker Content Trust. However, Apostille can expose different chains of trust to clients, and supports non-DCT clients with additional signing features.

Building

make build

Dependency updates

make update-deps
make test-all

Running tests

make test         # unit tests
make integration
make test-all

CI/CD

Test with bin/local-ci.sh
Install yaml, helm, cri plugin
kubectl config use-context <cluster>
Initialize and Login to helm as a user with access to apostille-app
bin/build.sh -> this builds and pushes the images to quay.
bin/deploy-to-staging.sh /path/to/quay-policies-encrypted pushes helm package to quay and deploys it.
bin/deploy-to-prod.sh /path/to/quay-policies-encrypted

If you get a 409 conflict when running one of the deploy scripts, comment out the helm registry push and retry.

About

Quay's Image Signing Service

containers security signing quay

Apache License 2.0

Languages

Language:Go 78.6%Language:Python 8.1%Language:Shell 6.5%Language:Dockerfile 2.7%Language:TSQL 2.6%Language:Makefile 1.5%