Signed-off-by: Steve Lasker <stevelasker@hotmail.com>
Signed-off-by: Steve Lasker <stevenlasker@hotmail.com>
| @@ -0,0 +1,114 @@ | |||
| # Notation CLI | |||
|
|
|||
| A set of commands the `notation` cli sill support. | |||
| notation key - Commands for managing certificates | ||
|
|
||
| USAGE: | ||
| notation cert command [command options] [arguments...] |
| notation cert command [command options] [arguments...] | ||
|
|
||
| COMMANDS: | ||
| add, a Commands for managing certificates |
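Review bot: the intro sentence under the `# Notation CLI` heading has a typo: `sill support` should read `will support`. In the same region the `notation key` name line is described as "Commands for managing certificates" and is followed by `notation cert` usage lines, so the key section appears to carry cert text. Give `notation key` its own description and usage line.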
Commands for managing certificates? Is the key sub-command the same as cert?
| notation cert command [command options] [arguments...] | ||
|
|
||
| COMMANDS: | ||
| add, a Commands for adding certificates |
add is short enough. Not necessary to have a.
Does this add a certificate to the list for signing or verifying? You could add a cert without a private key into the verification policy.
| COMMANDS: | ||
| cert Commands for managing certificates | ||
| key Commands for managing private keys | ||
| config Commands for configuring notation | ||
| verify Commands for verifying an artifacts signature integrity |
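Review bot: in the `verify` entry, "an artifacts signature integrity" is missing the possessive and should read "an artifact's signature integrity". The other entries in this list name what they manage in two or three words, so "Commands for verifying an artifact's signature" would fit them better.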
We have verify but miss sign.
| COMMANDS: | ||
| cert Commands for managing certificates | ||
| key Commands for managing private keys | ||
| config Commands for configuring notation |
What is config used for?
This should probably be used for configuring signing providers (like key vault). We could remove this command till we detail it out.
| cert Commands for managing certificates | ||
| key Commands for managing private keys |
It's unclear why we need both cert and key commands, and I feel it'll be confusing for the user to understand in what context/workflow to use these commands.
#70 refers to certificate for managing the policy for verification, whereas in this PR the cert command is used for generating certificates and maintaining a list that notation knows about, but its purpose isn't clear. Is it to be used for signing?
| COMMANDS: | ||
| cert Commands for managing certificates | ||
| key Commands for managing private keys | ||
| config Commands for configuring notation |
This should probably be used for configuring signing providers (like key vault). We could remove this command till we detail it out.
| notation cert --help | ||
|
|
||
| NAME: | ||
| notation cert - Commands for managing certificates |
Suggestion - Commands for managing certificates used for signing and verification of artifacts.
| notation cert command [command options] [arguments...] | ||
|
|
||
| COMMANDS: | ||
| add, a Commands for adding certificates |
Does this add a certificate to the list for signing or verifying? You could add a cert without a private key into the verification policy.
| COMMANDS: | ||
| add, a Commands for adding certificates | ||
| remove, rm Commands for removing certificates | ||
| create Create a self-signed certificate |
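Review bot: the `create` entry says only "Create a self-signed certificate", so the help text does not tell the user whether the new certificate is merely generated or also registered with the certificates that `add` and `remove` manage. State that in the description, so that the effect of running `create` on the configured certificate set is visible from `--help` alone.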
As per #78, creating a certificate automatically adds it to the verification policy. IMO this should be an explicit step, otherwise any test certificates created by a user will be automatically added into the verification policy, and be unintentionally used in production.
| add, a Commands for adding certificates | ||
| remove, rm Commands for removing certificates | ||
| create Create a self-signed certificate | ||
| list, ls List the concurrently configured certificates |
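Review bot: in the `list, ls` entry, "concurrently configured" looks like a slip for "currently configured". The `add` and `remove` entries also begin with "Commands for ..." although each names a single command; "Add a certificate" and "Remove a certificate" would match the imperative style already used for `create` and `list`.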
Are these certificates the ones to be used only for signing? If we provide commands to manage certificates in verification policy, we should allow managing more than one verification policy instead of a default one.
|
Closing as the implementation in #83 has completed the baseline work
The equivalent of the `notation --help` cli, to iterate on the commands, parameters and help docs. This builds (ok copies the premise) of #70
To see the commands in context, see: #78
I'll leave this in draft form for initial review.
Proposal is to get a baseline in, then iterate with subsequent PRs to this help doc, and samples showing contextual usage.