Skip to content

KrishnaIyer/helm-gopg

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits

.github

.github

 
 

cmd

cmd

 
 

pkg/signer

pkg/signer

 
 

test/keys

test/keys

 
 

.gitignore

.gitignore

 
 

.goreleaser.yml

.goreleaser.yml

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

VERSION

VERSION

 
 

bump_version.sh

bump_version.sh

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

plugin.yaml

plugin.yaml

 
 

Repository files navigation

helm-gopg

A simple tool written in Golang to package and sign Helm charts without needing GPG installed.

Helm Plugin

This tool is intended to be installed as a Helm Plugin.

Head over to the Releases Page and download the the tar (.tar.gz) file for the required environment from one of the available versions.

Unpack the tar archive.

Install the plugin

$ helm plugin install <unpacked-archive>
Installed plugin: gopg

For Example:

$ helm plugin install ~/Downloads/helm-gopg_0.3.0_darwin_amd64
Installed plugin: gopg

For macOS, allow permissions for this binary to run in Privacy and Security.

Now you can access commands using helm gopg <command> <flags>.

$ helm gopg version
helm-gopg
---------
Version: 0.2.0
Git Commit: bad69093617c84bc20840603ad8b831fbe310fd8
Build Date: 2023-01-20T11:48:52Z
Go version: go1.19.5
OS/Arch: darwin/amd64

To sign packages run the following

$ helm gopg sign --package <package> --signer.pgp.passphrase <passphrase> --signer.pgp.private-key <private-key>

Standalone Usage

helm-gopg is a tool written in Golang to sign Helm charts without needing to install GPG.
This tool uses the well-maintained https://github.com/ProtonMail/gopenpgp library for signing

Usage:
  helm-gopg [flags]
  helm-gopg [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  sign        Sign a package
  verify      Verify the signature and checksum of a package

Flags:
  -c, --config string                   config file (Default; config.yml in the current directory) (default "./config.yml")
  -h, --help                            help for helm-gopg
      --package string                  Location of the packaged Helm chart (.tgz)
      --signer.pgp.passphrase string    Passphrase for the private key.
      --signer.pgp.private-key string   Path to the private key file.
      --signer.pgp.public-key string    Path to the public key file.
      --signer.type string              The type of signer to use. Supported values are 'pgp'. Default is 'pgp'
      --stdout                          Write the signed package only to stdout

Use "helm-gopg [command] --help" for more information about a command.

The following is the minimum set of options to run the signer.

$ helm-gopg sign --package <package> --signer.pgp.passphrase <passphrase> --signer.pgp.private-key <private-key>

The Helm package and the provenance file can be verified using

$ helm-gopg verify --package <package> --signer.pgp.public-key <public-key>

License

The contents of this repository is provided as-is under the terms of the Apache 2.0 License.

About

A simple tool written in Golang and sign Helm packages without setting up GPG

Topics

kubernetes golang automation helm helm-charts github-actions

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases 3

v0.3.0 Latest
Jan 20, 2023
+ 2 releases

Contributors 2

  •  
  •  

Languages