Closed ChevronTango closed 1 year ago
This was partly in response to https://github.com/theupdateframework/go-tuf/issues/525#issuecomment-1655807670, where adding a KMS key required the use of tuftool rather than being able to be done entirely with go-tuf.
The CLI currently has a gen-key method and a revoke-key method, but not an add-key method. This makes it hard for users with external keys, for example KMS or otherwise managed key services, to add their keys to the root.json. Whilst it can be done with JSON manipulation, it would be much nicer if the tuf CLI supported it natively to avoid mistakes or misconfiguration.
I propose the following
This will then add the key to the root.json in both the keys and the roles fields with the correct hashed key id, and will return a key id which can then be used in subsequent signing requests.
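What the add-key step described in this issue has to do to root.json, as an added example in Python (not go-tuf's code and not the proposed CLI). It assumes the TUF specification's key ID definition, the hex SHA-256 digest of the key object's canonical JSON form; `canonical_json`, `key_id` and `add_key` are hypothetical names, and the root and public key value are constructed placeholders.

```python
import hashlib


def canonical_json(obj):
    """OLPC-style canonical JSON: sorted keys, no whitespace, and only
    backslash and double quote escaped inside strings."""
    if isinstance(obj, str):
        return '"' + obj.replace("\\", "\\\\").replace('"', '\\"') + '"'
    if obj is None or isinstance(obj, bool):
        return {None: "null", True: "true", False: "false"}[obj]
    if isinstance(obj, int):
        return str(obj)
    if isinstance(obj, list):
        return "[" + ",".join(canonical_json(v) for v in obj) + "]"
    if isinstance(obj, dict):
        items = (canonical_json(k) + ":" + canonical_json(obj[k]) for k in sorted(obj))
        return "{" + ",".join(items) + "}"
    raise TypeError(f"not representable in canonical JSON: {type(obj).__name__}")


def key_id(public_key):
    """Key ID: hex SHA-256 digest of the key object's canonical JSON form."""
    return hashlib.sha256(canonical_json(public_key).encode("utf-8")).hexdigest()


def add_key(root, role, public_key):
    """Add public_key to signed.keys and to signed.roles[role].keyids, then
    return its key ID. Raises KeyError if the role is not in the root."""
    signed = root["signed"]
    keyids = signed["roles"][role]["keyids"]  # KeyError on unknown role
    kid = key_id(public_key)
    signed["keys"].setdefault(kid, public_key)
    if kid not in keyids:  # idempotent: never list the same key twice
        keyids.append(kid)
    return kid


# Constructed sample data: a minimal root and a placeholder public key value.
SAMPLE_ROOT = {"signatures": [], "signed": {"_type": "root", "keys": {},
    "roles": {"targets": {"keyids": [], "threshold": 1}}}}
SAMPLE_KEY = {"keytype": "ed25519", "scheme": "ed25519",
              "keyval": {"public": "00" * 32}}

if __name__ == "__main__":
    print(add_key(SAMPLE_ROOT, "targets", SAMPLE_KEY))
```

Because the edit changes the signed section, existing root signatures no longer verify over it: the root version has to be incremented and the metadata re-signed by a threshold of root keys before clients will accept it.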