fioctl keys tuf updates add-offline-key
Stage addition of the offline TUF signing key for the Factory
Synopsis
Stage addition of the offline TUF signing key for the Factory.
The new offline signing key will be used in both the CI and production TUF root.
When you add a new TUF targets offline signing key, existing production targets are not signed by it. To sign existing production targets with the new key, use the sign-prod-targets subcommand.
fioctl keys tuf updates add-offline-key --role root|targets --txid=<txid> --keys=<tuf-root-keys.tgz> [flags]
Examples
- Add offline TUF root key:
fioctl keys tuf updates add-offline-key \
--txid=abc --role=root --keys=tuf-root-keys.tgz
- Add offline TUF targets key, explicitly specifying the new key type (and signing algorithm):
fioctl keys tuf updates add-offline-key \
--txid=abc --role=targets --keys=tuf-targets-keys.tgz --key-type=ed25519
Options
  -h, --help              help for add-offline-key
  -y, --key-type string   Key type, supported: Ed25519, RSA. (default "ED25519")
  -k, --keys string       Path to <tuf-keys.tgz> where a new key should be created.
                          For security reasons, it is disallowed to add several actual keys for the same TUF role into the same file.
  -r, --role string       TUF role name, supported: Root, Targets.
  -x, --txid string       TUF root updates transaction ID.
Options inherited from parent commands
  -c, --config string    config file (default is $HOME/.config/fioctl.yaml)
  -f, --factory string   Factory to list targets for
  -t, --token string     API token from https://app.foundries.io/settings/tokens/
  -v, --verbose          Print verbose logging
SEE ALSO
- fioctl keys tuf updates - Manage updates to the TUF root for your factory (expert mode)