/aws-signer-notation-plugin

AWS Signer Plugin for Notation

Primary LanguageGoApache License 2.0Apache-2.0

AWS Signer Plugin for Notation

Build Status Codecov Go Reference

Notation is an open source tool developed by the Notary Project, which supports signing and verifying container images and other artifacts. The AWS Signer Notation plugin, allows users of Notation (notation CLI and notation-go) to sign and verify artifacts (such as container images) using AWS Signer. AWS Signer is a fully managed code-signing service to ensure the trust and integrity of your code. AWS Signer manages the code-signing certificates, secures private keys, and manages key rotation without requiring users to take any action.

The plugin is compliant with the Notary Project specification. It uses the AWS Signer SignPayload API for signing, and GetRevocationStatus API for signature verification.

Getting Started

To use AWS Signer Notation plugin:

  • Notation CLI - Please refer AWS Signer documentation for guidance on signing and verifying OCI artifacts.
  • notation-go library - You can use this plugin as library with notation-go, eliminating the need for invoking plugin executable. Please refer the provided examples on how to use plugin as library with notation-go.

Building from Source

  1. Install go. For more information, refer go documentation.
  2. The plugin uses go modules for dependency management. For more information, refer go modules.
  3. Run make build to build the AWS Signer Notation plugin.
  4. Upon completion of the build process, the plugin executable will be created at build/bin/notation-com.amazonaws.signer.notation.plugin.

Now you can use this plugin executable with notation CLI by using the following command:

notation plugin install --file ./build/bin/notation-com.amazonaws.signer.notation.plugin

Make Targets

The following targets are available. Each may be run with make <target>.

Make Target Description
help shows available make targets
build builds the plugin executable for current environment (e.g. Linux, Darwin and Windows)
test runs all the unit tests using go test
generate-mocks generates the mocks required for unit tests
clean removes build artifacts and auto generated mocks.

Security disclosures

To report a potential security issue, please do not create a new Issue in the repository. Instead, please report using the instructions here or email AWS security directly.

License

This project is licensed under the Apache-2.0 License.