Owner: Architect:

David Peraza

Story (Required)

As a partner, redhat associate or helm community member, I would like to be able to share my pgp key so my charts signatures can be verified.

Background (Required)

After chart verifier implements signature verification, there will be a need to pass in the pgp public key to be able to verify. The certification flow already make us of owner file for authorization. We can also use owners file for integrity.

Glossary

NA

Out of scope

Integration with ODC
Test Case will be implemented in another story
report submissions
publishing key and providence files

In Scope

NA

Approach(Required)

Partner will set the pgp key through partner portal. Red Hat and community chart owners will be able to set their key in the owners file

Demo requirements(Required)

A great demo will show an end to end key configuration starting with Partner Portal. Work with hrivero@redhat.com to identify the team that can provide a test environment. If it is not possible to integrate, then we can demo the Red Hat associate flow.

Dependencies

Partner Portal development team (pyxis team)

Edge Case

NA

Acceptance Criteria

Partner can set a key in their owners file
Red Hat associate can set a key in their owners file
Community member can set a key in their owners file
Certification flow can read the public key from owners file and verify chart signatures
Documentation: Yes (upstream-docs)
Upstream: We need docs explaining how to set the public key
Release Notes Type: Enhancement

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

v

Legend

Unknown

Verified

Unsatisfied