Linux command
fulcio 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Start Fulcio server
fulcio serve --config-path [config.yaml]
Start server
fulcio serve --ca fileca --fileca-cert [ca.pem] --fileca-key [ca-key.pem]
Start server
fulcio serve --host [0.0.0.0] --port [8080]
说明
Fulcio is a certificate authority for code signing, part of the Sigstore project. It issues short-lived certificates tied to OIDC identities (GitHub, Google, Microsoft), enabling keyless code signing. Fulcio eliminates the need for developers to manage long-term signing keys. Certificates are logged in the transparency log (Rekor) for verification.
参数
- serve
- Start Fulcio server.
- --ca _type_
- Certificate authority type: googleca, fileca, kmsca, tinkca, pkcs11ca, ephemeralca.
- --config-path _file_
- Path to Fulcio config YAML (default: /etc/fulcio-config/config.yaml).
- --host _addr_
- HTTP server listen address (default: 0.0.0.0).
- --port _num_
- HTTP server port (default: 8080).
- --grpc-port _num_
- gRPC server port (default: 8081).
- --fileca-cert _file_
- Path to CA certificate (fileca only).
- --fileca-key _file_
- Path to CA encrypted private key (fileca only).
- --ct-log-url _url_
- Certificate transparency log URL.
- version
- Show version.
FAQ
What is the fulcio command used for?
Fulcio is a certificate authority for code signing, part of the Sigstore project. It issues short-lived certificates tied to OIDC identities (GitHub, Google, Microsoft), enabling keyless code signing. Fulcio eliminates the need for developers to manage long-term signing keys. Certificates are logged in the transparency log (Rekor) for verification.
How do I run a basic fulcio example?
Run `fulcio serve --config-path [config.yaml]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does serve do in fulcio?
Start Fulcio server.