hanko
keeps your allowed signers file up to date with signing keys configured on platforms like GitHub and GitLab.
Keeps your allowed signers file up to date with signing keys configured on platforms like GitHub and GitLab.
Usage: hanko [OPTIONS] <COMMAND>
Commands:
update Update the allowed signers file
help Print this message or the help of the given subcommand(s)
Options:
-c, --config <PATH> The configuration file [env: HANKO_CONFIG=]
--file <PATH> The allowed signers file [env: HANKO_ALLOWED_SIGNERS=]
-v, --verbose... Increase verbosity
-h, --help Print help
-V, --version Print version
To use hanko
, a set of signers to track need to be configured first. As an example,
we'll create a configuration file in the default location ~/.config/hanko/config.toml
containing a single signer using the default GitHub source.
[[signers]]
name = "octocat"
principals = ["[email protected]"]
Once we've configured our signers, we can run the update
command.
If an allowed signers file is configured in Git, hanko
will write to that file.
Should no allowed signers file be configured within Git, or you want to specify a different path, the --file
runtime option may be used.
$ hanko -v update
2024-10-25T14:01:49.140028Z INFO load_and_validate: hanko::config: Loading configuration file path="/home/vscode/.config/hanko/config.toml"
2024-10-25T14:01:49.243660Z INFO hanko::cli::main: Updated allowed signers file /home/vscode/.config/git/allowed_signers in 105.315473ms
signers = [
{ name = "torvalds", principals = ["[email protected]"], sources = ["github"] },
{ name = "gvanrossum", principals = ["[email protected]"], sources = ["github", "gitlab"] },
{ name = "graydon", principals = ["[email protected]"], sources = ["github"] },
{ name = "cwoods", principals = ["[email protected]"], sources = ["acme-corp"] },
{ name = "rdavis", principals = ["[email protected]"], sources = ["acme-corp"] },
{ name = "pbrock", principals = ["[email protected]"], sources = ["acme-corp"] }
]
[[sources]]
name = "acme-corp"
provider = "gitlab"
url = "https://git.acme.corp"
The following cargo features can be used to enable additional functionality.
- detect-allowed-signers (enabled by default): Enables use of the gix-config crate to detect the location of the allowed signers file from Git configuration.
Contributions of all sizes that improve hanko
in any way, be it DX/UX, documentation, performance or other are highly appreciated.
To get started, please read the contribution guidelines. Before starting work on a new feature you would like to contribute that may impact simplicity, reliability or performance, please open an issue first.
The source code of this project is licensed under the MIT License. For more information, see LICENSE.