Introduction
This repository contains the template for building the onboarding information for the Smart Trust Network Attendees. This includes CSCAs, auth information, signing information and other relevant files for onboarding a participant.
Prerequisites
Collect this information and transfer it for each environment:
- Create a private git repository on GitHub.
- Prepare the following information for the onboarding request:
  - Environment Repository (all private to hide the uploader's identity) (DEV, UAT, PROD)
  - Repository URL
  - Invite the WHO Bot User to the repository (with read rights). The Bot User is: tng-bot for production and tng-bot-dev for development and acceptance environments.
  - Create GPG keys for the responsible persons for each environment (for tagging)
- Fill in content for your country:
  - For DEV and UAT environments you may use the conf files and the certgen bash script as a guideline
- Send an onboarding/participation request to tng-support@who.int
GPG Keys
Follow the instructions to create a key.
Algorithm: RSA or EC. Minimum key length: 4096 bit (RSA) or 256 bit (EC).
Procedure
- The repository will be onboarded together with the public GPG keys. Export a public key by using:
gpg --armor --export [key-id]
Keys can be listed by:
gpg -k
- Tag the version of your latest information by using git tag with the signing commands, either from the terminal or from a developer IDE. Please note that an update made in the GitHub web desktop itself does not work, because the platform will use an intermediate key.
- The Bot user clones the latest tag of your private repo and verifies the signature of the tag against the onboarded GPG keys
- After verification the content will be taken over for your country
- The bot creates a PR
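
The check in this procedure can be rehearsed locally before sending the onboarding request. The script below is an added example, not code from this repository or from the bot: it signs a tag, exports the public key as above, and verifies the tag against a keyring that holds only the exported key, so a tag signed by any other key or not signed at all is rejected. All key identities, tag names and directories are constructed for the demo, and how the bot itself performs the verification is an assumption.

```shell
#!/bin/sh
# Constructed demo: throwaway keys and repo under a temp dir; ~/.gnupg is never touched.
set -u
WORK=$(mktemp -d)
SIGNER="$WORK/signer"       # participant keyring (holds the private key)
FOREIGN="$WORK/foreign"     # a key that was never onboarded
ONBOARDED="$WORK/onboarded" # verifier keyring: onboarded public keys only
REPO="$WORK/repo"

cleanup() {
  for d in "$SIGNER" "$FOREIGN"; do GNUPGHOME="$d" gpgconf --kill gpg-agent 2>/dev/null; done
  rm -rf "$WORK"
}
trap cleanup EXIT

make_key() {  # make_key <gnupghome> <uid>: passphrase-less RSA-4096 signing key (demo only)
  mkdir -p "$1" && chmod 700 "$1"
  GNUPGHOME="$1" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "$2" rsa4096 sign never
}

signed_tag() {  # signed_tag <gnupghome> <uid> <tag>
  GNUPGHOME="$1" git -C "$REPO" -c user.signingkey="$2" tag -s "$3" -m "onboarding data $3"
}

verify_tag() {  # verify_tag <tag>: succeeds only for a tag signed by a key in $ONBOARDED
  GNUPGHOME="$ONBOARDED" git -C "$REPO" verify-tag "$1" >/dev/null 2>&1
}

setup_demo() {
  make_key "$SIGNER" participant@example.test
  make_key "$FOREIGN" stranger@example.test
  mkdir -p "$ONBOARDED" && chmod 700 "$ONBOARDED"
  # Export the public key in ASCII armor (as in the procedure) and "onboard" it.
  GNUPGHOME="$SIGNER" gpg --armor --export participant@example.test > "$WORK/pub.asc"
  GNUPGHOME="$ONBOARDED" gpg --batch --quiet --import "$WORK/pub.asc"
  git init -q "$REPO"
  git -C "$REPO" config user.name demo
  git -C "$REPO" config user.email demo@example.test
  git -C "$REPO" commit -q --allow-empty -m "onboarding content"
  signed_tag "$SIGNER" participant@example.test v1.0.0
  signed_tag "$FOREIGN" stranger@example.test v1.0.0-foreign
  git -C "$REPO" tag -a v1.0.0-unsigned -m "annotated but not signed"
}

setup_demo
for t in v1.0.0 v1.0.0-foreign v1.0.0-unsigned; do
  if verify_tag "$t"; then echo "$t: accepted"; else echo "$t: rejected"; fi
done
```

The dedicated keyring is what ties the result to the onboarded keys: run against a personal keyring, git verify-tag accepts a good signature from any key that keyring happens to contain.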
Domains
For further domains, add a new folder under onboarding and copy the DCC folder structure.
Available Domains:
- DCC
- DDCC
- DIVOC
- ICAO
- SHC
Trusted Issuer
To onboard a Trusted Issuer, provide input via the subfolder ISSUER.