https://github.com/govtechsg/attest
- Host: GitHub
- URL: https://github.com/govtechsg/attest
- Owner: GovTechSG
- License: mit
- Created: 2021-05-02T13:58:28.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-01-03T15:53:51.000Z (over 4 years ago)
- Last Synced: 2025-03-16T23:11:28.445Z (about 1 year ago)
- Language: Shell
- Size: 8.79 KB
- Stars: 1
- Watchers: 5
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# attest
attest is a tool for downloading Terraform and verifying that the SHASUM matches the archive.
## What is actually run in the background
1. Import the HashiCorp public key using gpg
2. Download the archive, SHA256SUM, and SHA256SUM.sig files
3. Verify that the signature file has not been tampered with
4. Verify the SHASUM matches the archive
5. Install to tfenv if argument "install-tfenv" was passed to command
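
Steps 3 and 4 sketched as an added example; this is not the project's `attest.sh`. The function names, the archive file name, the `SHA256SUMS` file name and the fingerprint argument are assumptions, and the fingerprint check goes one step beyond the list above by rejecting a valid signature made by any other key in the keyring.

```bash
#!/usr/bin/env bash
# Added example: steps 3 and 4 as functions. Names are hypothetical,
# not taken from attest.sh.

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Step 3: accept the checksum file only if gpg reports a valid signature
# made by the expected key (full fingerprint, uppercase hex, no spaces).
verify_signature() {  # usage: verify_signature SUMS SIG FINGERPRINT
  gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null |
    awk -v fpr="$3" '$2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
                     END { exit !ok }'
}

# Step 4: look up the archive's own entry in the checksum file and compare.
# Fails closed: a missing entry, duplicate entries or a mismatch return non-zero.
verify_checksum() {  # usage: verify_checksum ARCHIVE SUMS
  local name expected actual
  name=$(basename "$1")
  expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1 }' "$2")
  [ "$(printf '%s\n' "$expected" | grep -c .)" -eq 1 ] || return 1
  actual=$(sha256_of "$1") || return 1
  [ "$expected" = "$actual" ]
}

# Constructed sample: a stand-in archive and its checksum file in DIR.
make_sample() {  # usage: make_sample DIR
  printf 'constructed archive bytes\n' > "$1/terraform_0.15.4_linux_amd64.zip"
  printf '%s  %s\n' "$(sha256_of "$1/terraform_0.15.4_linux_amd64.zip")" \
    terraform_0.15.4_linux_amd64.zip > "$1/SHA256SUMS"
}
```

Run `verify_signature` before `verify_checksum`: the checksum comparison only means something once the checksum file itself is known to come from the expected key.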
## Prerequisite
1. gpg - OpenPGP encryption and signing tool
## How to setup
1. Download the HashiCorp public key from https://www.hashicorp.com/security
2. Store the HashiCorp public key from step 1 in $HOME/.gnupg/hashicorp.asc
3. `git clone `
4. `ln -s //attest.sh /usr/local/bin/attest`
## Usage
```bash
Example:
# Download and verify terraform package
Usage: attest terraform
# Deploy package to tfenv
Usage: attest terraform install-tfenv
terraform Terraform version number to download and attest (eg. 0.15.4)
install-tfenv Install terraform to tfenv
```