Signing a Chart with helm package --sign
Producing a .prov file with your GPG key.
Signing at Package Time
You sign a chart in the same step that packages it. Adding --sign to helm package, together with --key to name the signing key, produces both the .tgz and its .prov.
helm package --sign --key '<your-key-name>' ./mychart
You Need a GPG Key First
Signing requires a private GPG key. If you do not have one, generate it with gpg before you ever try to sign a chart.
gpg --full-generate-key
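As an added example (not part of the original lesson and not Helm's own code), this Python snippet reads the files: entry that helm package --sign writes into the .prov and checks that it records the SHA-256 of the .tgz produced with it. It checks only that digest binding, not the PGP signature; the chart name, the version 0.1.0 and the sample bytes are constructed.

```python
import hashlib
import hmac
import re

# The signed body is everything between the two PGP armor markers.
_BODY = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\n(.*?)\n-----BEGIN PGP SIGNATURE-----",
    re.S,
)

def parse_prov_files(prov_text):
    """Return {package filename: 'sha256:<hex>'} from a .prov file's signed body."""
    m = _BODY.search(prov_text)
    if m is None:
        raise ValueError("not a clearsigned provenance file")
    files, in_files = {}, False
    for line in m.group(1).splitlines():
        if line.startswith("files:"):
            in_files = True
        elif in_files and line.startswith(" "):
            # Indented entry under files: "<name>: sha256:<hex>"
            name, _, digest = line.strip().rpartition(": ")
            files[name] = digest
        else:
            in_files = False
    return files

def package_matches_prov(prov_text, pkg_name, pkg_bytes):
    """True only if the .prov records pkg_name with the SHA-256 of pkg_bytes."""
    recorded = parse_prov_files(prov_text).get(pkg_name, "")
    if not recorded.startswith("sha256:"):
        return False
    actual = hashlib.sha256(pkg_bytes).hexdigest()
    return hmac.compare_digest(recorded[len("sha256:"):].encode(), actual.encode())

# Constructed sample: stand-in package bytes and a .prov built around their digest.
SAMPLE_PKG = b"constructed stand-in for the bytes of mychart-0.1.0.tgz"
SAMPLE_PROV = (
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n"
    "apiVersion: v2\nname: mychart\nversion: 0.1.0\n\n...\n"
    "files:\n  mychart-0.1.0.tgz: sha256:"
    + hashlib.sha256(SAMPLE_PKG).hexdigest()
    + "\n-----BEGIN PGP SIGNATURE-----\n\n(constructed: signature omitted)\n"
    "-----END PGP SIGNATURE-----\n"
)

if __name__ == "__main__":
    print(package_matches_prov(SAMPLE_PROV, "mychart-0.1.0.tgz", SAMPLE_PKG))
```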