Notation is an open source tool developed by the Notary Project, which supports signing and verifying container images and other artifacts. The AWS Signer Notation plugin allows users of Notation (notation CLI and notation-go) to sign and verify artifacts (such as container images) using AWS Signer. AWS Signer is a fully managed code-signing service to ensure the trust and integrity of your code. AWS Signer manages the code-signing certificates, secures private keys, and manages key rotation without requiring users to take any action.
The plugin is compliant with the Notary Project specification. It uses the AWS Signer SignPayload API for signing, and GetRevocationStatus API for signature verification.
To use AWS Signer Notation plugin:
Run `make build` to build the AWS Signer Notation plugin. The plugin executable is created at `build/bin/notation-com.amazonaws.signer.notation.plugin`. Now you can use this plugin executable with notation CLI by using the following command:
`notation plugin install --file ./build/bin/notation-com.amazonaws.signer.notation.plugin`
The following targets are available. Each may be run with `make <target>`.
Make Target | Description |
---|---|
help | shows available make targets |
build | builds the plugin executable for current environment (e.g. Linux, Darwin and Windows) |
test | runs all the unit tests using `go test` |
generate-mocks | generates the mocks required for unit tests |
clean | removes build artifacts and auto generated mocks. |
To report a potential security issue, please do not create a new Issue in the repository. Instead, please report using the instructions here or email AWS security directly.
This project is licensed under the Apache-2.0 License.