Cli commands #79
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,114 @@ | ||
| # Notation CLI | ||
|
|
||
| A set of commands the `notation` cli sill support. | ||
|
|
||
| ## `notation` Root Commands | ||
|
|
||
| ```bash | ||
| notation --help | ||
| NAME: | ||
| notation - Commands for signing and verifying Artifacts stored within an OCI Artifact Registry | ||
|
|
||
| USAGE: | ||
| notation command [command options] [arguments...] | ||
|
|
||
| COMMANDS: | ||
| cert Commands for managing certificates | ||
| key Commands for managing private keys | ||
|
Comment on lines
+16
to
+17
Contributor
There was a problem hiding this comment. It's unclear why we need both cert and key commands, and I feel it'll be confusing for the user to understand in what context/workflow to use these commands. #70 refers to |
||
| config Commands for configuring notation | ||
|
Contributor
There was a problem hiding this comment. What
Contributor
There was a problem hiding this comment. This should probably be used for configuring signing providers (like key vault). We could remove this command till we detail it out. |
||
| verify Commands for verifying an artifacts signature integrity | ||
|
Comment on lines
+15
to
+19
Contributor
There was a problem hiding this comment. We have |
||
|
|
||
| OPTIONS: | ||
| --help, -h show help (default: false) | ||
| ``` | ||
|
|
||
| ## `notation cert` Sub Commands | ||
|
|
||
| ``` | ||
| notation cert --help | ||
|
|
||
| NAME: | ||
| notation cert - Commands for managing certificates | ||
|
Contributor
There was a problem hiding this comment. Suggestion - Commands for managing certificates used for signing and verification of artifacts. |
||
|
|
||
| USAGE: | ||
| notation cert command [command options] [arguments...] | ||
|
|
||
| COMMANDS: | ||
| add, a Commands for adding certificates | ||
|
Contributor
There was a problem hiding this comment.
Contributor
There was a problem hiding this comment. Does this add certificate to the list for signing or verifying? You could add a cert without private key into the verification policy. |
||
| remove, rm Commands for removing certificates | ||
| create Create a self-signed certificate | ||
|
Contributor
There was a problem hiding this comment. As per #78 creating a certificate automatically adds it to the verification policy. IMO this should be an explicit step, otherwise any test certificates created by user will be automatically added into the verification policy, and be unintentionally used in production. |
||
| list, ls List the concurrently configured certificates | ||
|
Contributor
There was a problem hiding this comment. Are these certificates the ones to be used only for signing? If we provide commands to manage certificates in verification policy, we should allow managing more than one verification policy instead of a default one. |
||
|
|
||
| OPTIONS: | ||
| --help, -h show help (default: false) | ||
| ❯ notation cert ls | ||
| NAME PATH | ||
| wabbit-networks.io /home/pat/.notary/keys/wabbit-networks.crt | ||
| import-acme-rocket.io /home/pat/.notary/keys/import-acme-rockets.crt | ||
| ``` | ||
|
|
||
| ### `notation cert add` Command | ||
|
|
||
| ``` | ||
| notation cert add --help | ||
| ``` | ||
| > TODO | ||
|
|
||
| ### `notation cert remove` Command | ||
|
|
||
| ``` | ||
| notation cert remove --help | ||
| ``` | ||
| > TODO | ||
|
|
||
| ### `notation cert create` Command | ||
|
|
||
| ``` | ||
| notation cert create --help | ||
| ``` | ||
| > TODO | ||
|
|
||
| ### `notation cert` list Command | ||
|
|
||
| ``` | ||
| notation cert list --help | ||
| ``` | ||
| > TODO | ||
|
|
||
| ## `notation key` Sub Commands | ||
|
|
||
| ``` | ||
| notation key --help | ||
|
|
||
| NAME: | ||
| notation key - Commands for managing certificates | ||
|
|
||
| USAGE: | ||
| notation cert command [command options] [arguments...] | ||
|
|
||
|
|
||
| COMMANDS: | ||
| add, a Commands for managing certificates | ||
|
There was a problem hiding this comment. Commands for managing certificates? Is the key sub-command the same as cert? |
||
| remove, rm Commands for managing private keys | ||
| create Create a self-signed certificate | ||
| list, ls List the concurrently configured certificates | ||
|
|
||
| OPTIONS: | ||
| --help, -h show help (default: false) | ||
| ❯ notation cert ls | ||
| NAME PATH | ||
| wabbit-networks.io /home/pat/.notary/keys/wabbit-networks.crt | ||
| import-acme-rocket.io /home/pat/.notary/keys/import-acme-rockets.crt | ||
| ``` | ||
|
|
||
| ## `notation verify` Sub Commands | ||
|
|
||
| ``` | ||
| notation verify --help | ||
|
|
||
| NAME: | ||
| notation verify - Commands for verifying an artifacts signature integrity | ||
|
|
||
| USAGE: | ||
| notation verify command [command options] [arguments...] | ||
| ``` | ||
| > TODO | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will support