README
¶
AWS Signer Plugin for Notation
Notation is an open source tool developed by the Notary Project, which supports signing and verifying container images and other artifacts. The AWS Signer Notation plugin, allows users of Notation (notation CLI and notation-go) to sign and verify artifacts (such as container images) using AWS Signer. AWS Signer is a fully managed code-signing service to ensure the trust and integrity of your code. AWS Signer manages the code-signing certificates, secures private keys, and manages key rotation without requiring users to take any action.
The plugin is compliant with the Notary Project specification. It uses the AWS Signer SignPayload API for signing, and GetRevocationStatus API for signature verification.
Getting Started
To use AWS Signer Notation plugin:
- Notation CLI - Please refer AWS Signer documentation for guidance on signing and verifying OCI artifacts.
- notation-go library - You can use this plugin as library with notation-go, eliminating the need for invoking plugin executable. Please refer the provided examples on how to use plugin as library with notation-go.
Building from Source
- Install go. For more information, refer go documentation.
- The plugin uses go modules for dependency management. For more information, refer go modules.
- Run
make buildto build the AWS Signer Notation plugin. - Upon completion of the build process, the plugin executable will be created at
build/bin/notation-com.amazonaws.signer.notation.plugin.
Now you can use this plugin executable with notation CLI by using the following command:
notation plugin install --file ./build/bin/notation-com.amazonaws.signer.notation.plugin
Make Targets
The following targets are available. Each may be run with make <target>.
| Make Target | Description |
|---|---|
help |
shows available make targets |
build |
builds the plugin executable for current environment (e.g. Linux, Darwin and Windows) |
test |
runs all the unit tests using go test |
generate-mocks |
generates the mocks required for unit tests |
clean |
removes build artifacts and auto generated mocks. |
Security disclosures
To report a potential security issue, please do not create a new Issue in the repository. Instead, please report using the instructions here or email AWS security directly.
License
This project is licensed under the Apache-2.0 License.
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
client
Package client creates AWS service like AWS Signer client required by plugin.
|
Package client creates AWS service like AWS Signer client required by plugin. |
|
logger
Package logger provides logging functionality.
|
Package logger provides logging functionality. |
|
signer
Package signer provides functionality to generate signatures using AWS Signer in accordance with the NotaryProject Plugin contract.
|
Package signer provides functionality to generate signatures using AWS Signer in accordance with the NotaryProject Plugin contract. |
|
slices
Package slices provides utility methods for slice.
|
Package slices provides utility methods for slice. |
|
verifier
Package verifier verified provides functionality to verify signatures generated using AWS Signer in accordance with the NotaryProject Plugin contract.
|
Package verifier verified provides functionality to verify signatures generated using AWS Signer in accordance with the NotaryProject Plugin contract. |
|
version
Package version provides utility methods for AWS Signer's plugin version.
|
Package version provides utility methods for AWS Signer's plugin version. |
|
Package plugin implements the interface github.com/notaryproject/notation-plugin-framework-go/plugin, enabling its use as a library in the notation-go package and to generate executable
|
Package plugin implements the interface github.com/notaryproject/notation-plugin-framework-go/plugin, enabling its use as a library in the notation-go package and to generate executable |