search

in-toto / witness

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
https://witness.dev
Apache License 2.0
416 stars 60 forks source link

docs: correct sign policy file command in README.md #311

Closed shenxianpeng closed 1 year ago

shenxianpeng commented 1 year ago

Fixup of https://github.com/in-toto/witness/pull/289

Before

witness sign -f policy.json --key testkey.pem --outfile policy-signed.json
ERROR   unknown flag: --key

After

witness sign -f policy.json --signer-file-key-path testkey.pem --outfile policy-signed.json
INFO    Using config file: .witness.yaml