Feature: Support custom delegated target roles using offline keys
kairoaraujo opened this issue · comments
What is the feature about?
This feature aims to support offline keys for Targets metadata role. It was proposed by @JustinCappos in the last RSTUF Community Meeting as an easy and quick approach for advanced users. It can also serve as a seed feature for issue #244.
To enable this feature, the user gives the Custom Delegated Role signed with offline keys directly to RSTUF API. The RSTUF API will submit this role to the RSTUF Worker, and the user will manage it directly.
The initial idea (#244) aims to have the top-level Targets roles with offline keys and support custom delegated roles using offline keys. However, Justin Cappos suggests directly supporting custom delegated roles with offline keys for some user cases. For example, users who want to sign a specific delegated path for each added target artifact.
Services it relates to
repository-service-for-tuf-api, repository-service-for-tuf-worker
Related tasks
No response
References
Code of Conduct
- I agree to follow this project's Code of Conduct