0Pricing
Helm Academy · Lesson

What a Provenance File Guarantees

Integrity and origin checks for a chart archive.

Can You Trust a Chart?

You downloaded a chart from the internet. How do you know nobody tampered with it on the way? Helm answers this with a provenance file.

The .prov Companion

A provenance file sits next to a chart archive with the same name plus a .prov suffix. It is the chart's signed receipt of authenticity.

mychart-0.1.0.tgz
mychart-0.1.0.tgz.prov

All lessons in this course

  1. What a Provenance File Guarantees
  2. Signing a Chart with helm package --sign
  3. Verifying with helm verify and --verify
  4. Keyless Signing with Sigstore Cosign
← Back to Helm Academy