{"id":25190144,"url":"https://github.com/keyfactor/signum-container-agent","last_synced_at":"2025-04-04T11:25:22.202Z","repository":{"id":243132222,"uuid":"810875867","full_name":"Keyfactor/signum-container-agent","owner":"Keyfactor","description":"A container based version of the Signum Linux Agent and example usage. Contact your  Keyfactor CSM for access to the base image.","archived":false,"fork":false,"pushed_at":"2025-03-24T16:58:51.000Z","size":15,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-24T17:51:29.511Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Keyfactor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-05T14:11:44.000Z","updated_at":"2025-03-24T16:58:55.000Z","dependencies_parsed_at":"2024-06-06T22:44:04.650Z","dependency_job_id":null,"html_url":"https://github.com/Keyfactor/signum-container-agent","commit_stats":null,"previous_names":["keyfactor/signum-container-agent"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fsignum-container-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fsignum-container-agent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fsignum-container-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Keyfactor%2Fsignum-container-agent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Keyfactor","download_url":"https://codeload.github.com/Keyfactor/signum-container-agent/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247167830,"owners_count":20895011,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-09T21:19:03.451Z","updated_at":"2025-04-04T11:25:22.175Z","avatar_url":"https://github.com/Keyfactor.png","language":null,"readme":"# About the Signum Container Agent\nThe Signum Container Agent is a base image that runs the Signum Agent service and it can be modified as shown in the examples with additional signing tools for handling a variety of different scenarios.\n\nUsage examples of several popular signing tools can be found in [signing-tool-examples](/signing-tool-examples/).\n\n---\n\n## Support for Signum Container Agent with Signing Tools\n---\nSignum Container Agent with Signing Tools is open source and supported on best effort level for this set of examples.  This means customers can report Bugs, Feature Requests, Documentation amendment or questions as well as requests for customer information required for setup that needs Keyfactor access to obtain. Such requests do not follow normal SLA commitments for response or resolution. If you have a support issue, please open a support ticket via the Keyfactor Support Portal at https://support.keyfactor.com/\n\nTo report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab.\n\n---\n\n## Running the Signum Container Agent Base Image\n```sh\ndocker run --name signum-agent -e \"SIGNUM_HOSTNAME=A URL\" -e \"SIGNUM_CLIENTID=TheClientID\" -e \"SIGNUM_USERNAME=myuser@somedomain\" -e \"SIGNUM_PASSWORD=$mycreds\" -e \"SIGNUM_LOGLEVEL=HIGH\" -e \"SIGNUM_LOGTYPE=FILE\" signum-agent-3.80.4-2024052302\n```\n```sh\ndocker exec -it signum-agent /bin/bash\n```\n```sh\npkcs11-tool --module /usr/lib/libkeyfactorpkcs11.so --list-objects --type cert\n```\n```\nUsing slot 0 with a present token (0x0)\nCertificate Object; type = X.509 cert\n  label:      50D63698EF043051EFB0B7E5280EDACF35A09B29 - Certificate\n  subject:    DN: CN=Signum-RSA-2048\n  ID:         50d63698ef043051efb0b7e5280edacf35a09b29\n  Unique ID:\nCertificate Object; type = X.509 cert\n  label:      170570A1D56FBB5A4CC780B69ACAEF94010D5DAA - Certificate\n  subject:    DN: CN=Signum-RSA-3072\n  ID:         170570a1d56fbb5a4cc780b69acaef94010d5daa\n  Unique ID:\nCertificate Object; type = X.509 cert\n  label:      3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate\n  subject:    DN: CN=Signum-RSA-4096\n  ID:         3ab5bfb91dfbb46cf765d5bee51429618c4857dd\n  Unique ID:\n```\n\n## Modifying the Base Image\nAdd the pkcs11 based signing tools your team would like to use\nsee, [dockerfile-examples](/dockerfile-examples/) for some examples. In production you should verify the sources of external repositories. \n\nAn Example adding Jsign to the base Signum Agent Image and then launching a container. \n```bash\ndocker buildx build -f dockerfile-jsign -t signum-container-agent:jsign .\n```\n\n```bash\ndocker run --name signum-agent -d -v $PWD/filestosign/:/mnt/filestosign -e \"SIGNUM_HOSTNAME=A URL\" -e \"SIGNUM_CLIENTID=TheClientID\" -e \"SIGNUM_USERNAME=myuser@somedomain\" -e \"SIGNUM_PASSWORD=$mycreds\" -e \"SIGNUM_LOGLEVEL=HIGH\" -e \"SIGNUM_LOGTYPE=FILE\" signum-container-agent:jsign\n```\n\n```bash\ndocker exec -it signum-agent /bin/bash\n```\n\nCan run keytool and Jsign to list key objects and sign.\n```sh\nkeytool -list -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg keyfactorpkcs11.cfg -storepass NONE\n```\n```\nKeystore type: PKCS11\nKeystore provider: SunPKCS11-KeyfactorPKCS11\n\nYour keystore contains 5 entries\n\n170570A1D56FBB5A4CC780B69ACAEF94010D5DAA - Certificate, PrivateKeyEntry,\nCertificate fingerprint (SHA-256): 1C:3B:0B:5E:B7:7F:29:29:87:4E:7D:BC:77:11:D9:7F:FF:06:0B:C3:F2:F9:DE:02:8E:72:C6:87:4E:CE:B2:94\n3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate, PrivateKeyEntry,\nCertificate fingerprint (SHA-256): 97:58:8B:1B:C4:D5:19:3C:C6:5F:3F:4A:73:11:53:17:98:D4:A7:E9:FD:A3:3D:88:B0:9F:09:EB:77:D9:23:F0\n3BFA85A455F54CE76D74B52F6B4226C00299CF7D - Certificate, PrivateKeyEntry,\nCertificate fingerprint (SHA-256): 35:5C:22:86:9F:92:19:CA:80:38:F3:A9:D0:7A:20:BD:0B:53:5E:20:1C:29:A9:39:40:71:F0:68:12:88:E3:26\n50D63698EF043051EFB0B7E5280EDACF35A09B29 - Certificate, PrivateKeyEntry,\nCertificate fingerprint (SHA-256): B9:D3:D7:70:1E:DA:11:3C:2B:27:65:9E:64:73:6F:9F:0B:FB:7A:F5:77:9D:81:BF:95:A5:71:D2:96:0B:D0:1A\n```\n\n```\njava -jar jsign-6.0.jar --keystore /etc/keyfactor/keyfactorpkcs11.cfg --storetype PKCS11 --alias \"3AB5BFB91DFBB46CF765D5BEE51429618C4857DD - Certificate\" /mnt/filestosign/example-script.ps1\n```\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fsignum-container-agent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeyfactor%2Fsignum-container-agent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeyfactor%2Fsignum-container-agent/lists"}