Description

Automated tests need to use the dev key to sign collections, as they do not have access to and shouldn't use the production key. Because stage is configured exactly as production will be, using the key from prod sec to verify signatures. Automated tests need to use the dev key, so they are now broken on stage.

Steps to Reproduce

Upload a collection to stage

Sign the collection with the dev key found in the galaxy_ng repo

Upload the signature file

Actual Behavior

The uploaded signature is denied.

Expected Behavior

The uploaded signature should be accepted, as we must run automated tests on stage and they must use a dev key, not the final production key.

Proposed Solution:

• Add multiple keys on c.stage.rh.c - the dev key can be added alongside the prod key to the keyfile stored in vault just for stage
• Modify the entrypoint script that adds the key from the keyfile to the keystore to allow importing multiple keys