pulumi-google-native-kotlin/com.pulumi.googlenative.containeranalysis.v1alpha1.kotlin.inputs/BuildSignatureArgs

BuildSignatureArgs

data class BuildSignatureArgs(val keyId: Output<String>? = null, val keyType: Output<BuildSignatureKeyType>? = null, val publicKey: Output<String>? = null, val signature: Output<String>? = null) : ConvertibleToJava<BuildSignatureArgs>

Message encapsulating the signature of the verified build.

Constructors

BuildSignatureArgs

fun BuildSignatureArgs(keyId: Output<String>? = null, keyType: Output<BuildSignatureKeyType>? = null, publicKey: Output<String>? = null, signature: Output<String>? = null)

Functions

toJava

open override fun toJava(): BuildSignatureArgs

Properties

keyId

val keyId: Output<String>? = null

An Id for the key used to sign. This could be either an Id for the key stored in public_key (such as the Id or fingerprint for a PGP key, or the CN for a cert), or a reference to an external key (such as a reference to a key in Cloud Key Management Service).

keyType

val keyType: Output<BuildSignatureKeyType>? = null

The type of the key, either stored in public_key or referenced in key_id

publicKey

val publicKey: Output<String>? = null

Public key of the builder which can be used to verify that the related findings are valid and unchanged. If key_type is empty, this defaults to PEM encoded public keys. This field may be empty if key_id references an external key. For Cloud Build based signatures, this is a PEM encoded public key. To verify the Cloud Build signature, place the contents of this field into a file (public.pem). The signature field is base64-decoded into its binary representation in signature.bin, and the provenance bytes from BuildDetails are base64-decoded into a binary representation in signed.bin. OpenSSL can then verify the signature: openssl sha256 -verify public.pem -signature signature.bin signed.bin

signature

val signature: Output<String>? = null

Signature of the related BuildProvenance, encoded in a base64 string.