fioctl keys tuf updates add-offline-key
Stage addition of the offline TUF signing key for the Factory
Synopsis
Stage addition of the offline TUF signing key for the Factory.
The new offline signing key will be used in both CI and production TUF root.
When you add a new TUF Targets offline signing key, existing production Targets are not signed by it. Use the sign-prod-targets subcommand if you want to sign existing production Targets with a new key.
fioctl keys tuf updates add-offline-key --role root|targets --txid=<txid> --keys=<tuf-root-keys.tgz> [flags]
Examples
- Add offline TUF root key:
    fioctl keys tuf updates add-offline-key \
      --txid=abc --role=root --keys=tuf-root-keys.tgz
- Add offline TUF targets key, explicitly specifying new key type (and signing algorithm):
    fioctl keys tuf updates add-offline-key \
      --txid=abc --role=targets --keys=tuf-targets-keys.tgz --key-type=ed25519
Options
  -h, --help              help for add-offline-key
  -y, --key-type string   Key type, supported: Ed25519, RSA. (default "ED25519")
  -k, --keys string       Path to <tuf-keys.tgz> where a new key should be created.
                          For security reasons, it is disallowed to add several actual keys for the same TUF role into the same file.
  -r, --role string       TUF role name, supported: Root, Targets.
  -x, --txid string       TUF root updates transaction ID.
Options inherited from parent commands
  -c, --config string    config file (default is $HOME/.config/fioctl.yaml)
  -f, --factory string   Factory to list Targets for
  -t, --token string     API token from https://app.foundries.io/settings/tokens/
  -v, --verbose          Print verbose logging
SEE ALSO
fioctl keys tuf updates - Manage updates to the TUF root for your Factory (expert mode)