fioctl keys tuf updates delete-offline-key#

Stage deletion of the offline TUF signing key for the Factory

Synopsis#

Stage deletion of the offline TUF signing key for the Factory.

There are two ways to delete the offline TUF signing key:

  • If you own the keys file - you can delete your key by providing your keys file. Fioctl will search through your keys file for an appropriate key to delete.

  • You can also provide an exact key ID to delete.

When you delete the TUF targets offline signing key:

  • For production Targets, the corresponding signatures are also deleted. If any production Targets lack enough signatures, you will need to sign them using the “sign-prod-targets” command.

  • If there is an active Wave, the TUF Targets key deletion is not allowed.

fioctl keys tuf updates delete-offline-key --role root|targets --txid=<txid> --keys=<tuf-root-keys.tgz>|--key-id=<key-id> [flags]

Examples#

- Delete offline TUF root key:
  fioctl keys tuf updates delete-offline-key \
    --txid=abc --role=root --keys=tuf-root-keys.tgz
- Delete offline TUF targets key by its ID:
  fioctl keys tuf updates delete-offline-key \
    --txid=abc --role=targets
       --key-id=15bbb6e79c9ac73b2db7df73c96f3a4937a25d948c048ba0208e49e426e5888a

Options#

-h, --help            help for delete-offline-key
-i, --key-id string   A key ID to delete, as specified in your TUF root.
-k, --keys string     Path to <tuf-root-keys.tgz> used to sign TUF root.
-r, --role string     TUF role name, supported: Root, Targets.
-x, --txid string     TUF root updates transaction ID.

Options inherited from parent commands#

-c, --config string    config file (default is $HOME/.config/fioctl.yaml)
-f, --factory string   Factory to list Targets for
-t, --token string     API token from https://app.foundries.io/settings/tokens/
-v, --verbose          Print verbose logging

SEE ALSO#