fioctl keys tuf updates delete-offline-key

Stage deletion of the offline TUF signing key for the Factory

Synopsis

Stage deletion of the offline TUF signing key for the Factory.

There are two ways to delete the offline TUF signing key:

  • If you own the keys file, you can delete your key by providing that file. Fioctl searches it for an appropriate key to delete.
  • You can also provide an exact key ID to delete.

When you delete the TUF targets offline signing key:

  • If there are production targets in your Factory, the corresponding signatures are also deleted. If any production targets then lack enough signatures, you need to sign them using the “sign-prod-targets” command.
  • If there is an active wave in your Factory, deleting the TUF targets key is not allowed.

fioctl keys tuf updates delete-offline-key --role root|targets --txid=<txid> --keys=<tuf-root-keys.tgz>|--key-id=<key-id> [flags]

Examples

- Delete offline TUF root key:
  fioctl keys tuf updates delete-offline-key \
    --txid=abc --role=root --keys=tuf-root-keys.tgz
- Delete offline TUF targets key by its ID:
  fioctl keys tuf updates delete-offline-key \
    --txid=abc --role=targets \
    --key-id=15bbb6e79c9ac73b2db7df73c96f3a4937a25d948c048ba0208e49e426e5888a
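
A pre-check for the signature behaviour described in the Synopsis, as an added example that is not part of fioctl or the Foundries documentation: given a root in the standard TUF metadata layout (an assumption here) and the production targets metadata, it reports which files would fall below the signing threshold once the deleted key's signatures are gone. The function names and sample data are constructed, and signatures are counted by key ID only, not verified.

```python
import json


def role_keyids(root, role):
    """Return (key IDs, threshold) that the TUF root authorizes for a role."""
    entry = root["signed"]["roles"][role]
    return list(entry["keyids"]), int(entry["threshold"])


def check_delete(root, role, key_id, signed_metadata=()):
    """Report the effect of deleting key_id from a role.

    signed_metadata is an iterable of (name, metadata) pairs signed by that
    role, for example production targets files. Hypothetical helper: it only
    counts signatures by key ID and does not verify them cryptographically.
    """
    keyids, threshold = role_keyids(root, role)
    if key_id not in keyids:
        raise ValueError(f"{key_id} is not a {role} key in this root")
    remaining = [k for k in keyids if k != key_id]
    needs_signing = []
    for name, meta in signed_metadata:
        signers = {s["keyid"] for s in meta["signatures"]}
        # Only signatures from keys still authorized for the role count.
        if len(signers & set(remaining)) < threshold:
            needs_signing.append(name)
    return {
        "remaining_keys": remaining,
        "threshold": threshold,
        "role_below_threshold": len(remaining) < threshold,
        "needs_signing": needs_signing,
    }


# Constructed sample data (shortened key IDs, not real Factory metadata).
SAMPLE_ROOT = {"signed": {"_type": "root", "roles": {
    "root": {"keyids": ["key-root"], "threshold": 1},
    "targets": {"keyids": ["key-old", "key-new"], "threshold": 1},
}}, "signatures": []}
SAMPLE_PROD = [
    ("prod-a", {"signed": {"_type": "targets"},
                "signatures": [{"keyid": "key-old", "sig": "00"}]}),
    ("prod-b", {"signed": {"_type": "targets"},
                "signatures": [{"keyid": "key-old", "sig": "00"},
                               {"keyid": "key-new", "sig": "00"}]}),
]

if __name__ == "__main__":
    report = check_delete(SAMPLE_ROOT, "targets", "key-old", SAMPLE_PROD)
    print(json.dumps(report, indent=2))
```

Files listed under needs_signing are the ones that would have to be signed again with the “sign-prod-targets” command.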

Options

-h, --help            help for delete-offline-key
-i, --key-id string   A key ID to delete, as specified in your TUF root.
-k, --keys string     Path to <tuf-root-keys.tgz> used to sign TUF root.
-r, --role string     TUF role name, supported: Root, Targets.
-x, --txid string     TUF root updates transaction ID.

Options inherited from parent commands

-c, --config string    config file (default is $HOME/.config/fioctl.yaml)
-f, --factory string   Factory to list targets for
-t, --token string     API token from https://app.foundries.io/settings/tokens/
-v, --verbose          Print verbose logging

SEE ALSO