Notarizing Assets
When you use vcn with Codenotary Trustcenter, the notarization process creates a cryptographic signature of the asset and stores it in a cryptographically verifiable immutable database (immudb). That signature can then be used to authenticate the asset and verify its integrity.
Notarize an asset with vcn
The most basic way to notarize an asset is to pass the asset to the vcn notarize command:
vcn notarize <artifact>
This command will sign the combination of the asset’s name, version, and hash to uniquely identify it.
vcn will then send the signature to Trustcenter, which will store an immutable record of the signature.
Notarizing assets with dependencies
Passing the --bom flag to the vcn notarize command will notarize the asset itself along with the asset’s dependencies. This process will immutably associate the artifact with its dependencies in Trustcenter:
vcn notarize --bom <artifact>
Notarizing assets in bulk
If you need to notarize assets in bulk, you can supply a CSV file that enumerates the hash, name, and labels of each asset to the vcn notarize command:
vcn notarize --import-file <csv_file>
The contents of your CSV file should follow the format hash,name,labels, where hash is the hash of the asset, name is the name of the asset, and labels is an optional list of semicolon-separated labels. For example, your CSV file will look something like this:
addf340d683e7dc9be1859f4e9a85f5143d4b21c,email@example.com,label1;label2
722a653f03c02836b5f6391bc588e28aff86e44b,firstname.lastname@example.org,label2
2962576b068d3e220d1df7730a0fc5ac49a201a5,email@example.com,label2;label3
124baa9bfd023f2c0308a11b13086c3c2c3ecfd1,firstname.lastname@example.org,label1;label3
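Because each imported row becomes an immutable record, it is worth linting the file before running the import. The following pre-flight check is an added example, not part of vcn or the original documentation; the function names are hypothetical, and it assumes hashes are hex digests (the page does not name the algorithm) and that a hash should appear only once per file.

```python
import csv
import io
import re

# Assumption: hashes are hex digests; no fixed length is enforced because
# the documentation does not name the hash algorithm.
HEX_RE = re.compile(r"[0-9a-f]+")

# Constructed sample: hashes reused from the page's example; the asset
# names and the four malformed rows are invented for illustration.
SAMPLE = """\
addf340d683e7dc9be1859f4e9a85f5143d4b21c,app-1.0.tar.gz,label1;label2
722a653f03c02836b5f6391bc588e28aff86e44b,lib-2.3.jar
ADDF340D683E7DC9BE1859F4E9A85F5143D4B21C,app-copy.tar.gz,label2
not-a-hash,tool.bin,label1
2962576b068d3e220d1df7730a0fc5ac49a201a5,,label3
124baa9bfd023f2c0308a11b13086c3c2c3ecfd1,cli.exe,label1;;label3
"""


def check_row(fields, seen):
    """Return (row, None) if the fields are well-formed, else (None, reason)."""
    if len(fields) not in (2, 3):
        return None, f"expected hash,name[,labels], got {len(fields)} fields"
    digest, name = fields[0].strip().lower(), fields[1].strip()
    labels = fields[2].split(";") if len(fields) == 3 and fields[2] else []
    if not HEX_RE.fullmatch(digest):
        return None, "hash is not a hex digest"
    if not name:
        return None, "empty name"
    if any(not label.strip() for label in labels):
        return None, "empty label in semicolon-separated list"
    if digest in seen:
        return None, f"duplicate hash, first seen on line {seen[digest]}"
    return (digest, name, [label.strip() for label in labels]), None


def lint_import_csv(text):
    """Lint a whole import file; returns (valid_rows, errors)."""
    rows, errors, seen = [], [], {}
    reader = csv.reader(io.StringIO(text))
    for fields in reader:
        if not fields:  # skip blank lines
            continue
        row, reason = check_row(fields, seen)
        if reason:
            errors.append(f"line {reader.line_num}: {reason}")
        else:
            seen[row[0]] = reader.line_num
            rows.append(row)
    return rows, errors
```

Run lint_import_csv on the file's contents and only pass the file to vcn notarize --import-file when the error list is empty.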
Add attachments to notarization transactions
To attach files containing user-defined supporting documentation (e.g., build pipeline metadata or deployment information) to a notarization transaction in Trustcenter, use the --attach flag to specify the path to the file and a label to identify it:
vcn notarize <artifact> --attach=<ATTACHMENT_PATH>[:<ATTACHMENT_LABEL>]
vcn notarize Flags Documentation
Add user defined file attachments. This flag can be repeated to include multiple attachments.
It’s possible to specify a label for each entry by appending the label to the file path after a colon, for example: --attach=metadata.json:jobid123. When authenticating an asset with vcn authenticate, the same path and label can be specified with the --attach flag to retrieve that attachment. The label alone can be specified with the --attach flag to retrieve all attachments, e.g. vcn a <artifact> --attach=jobid123.