I have a Jenkins job which uploads zip files to JFrog, I want to know is there any way I can digital sign jfrog artifacts i.e. zip file? Suggest anything that helps me on my query.
Thanks in Advance.
Asked
Active
Viewed 524 times
2 Answers
1
I found the answer to my self! Used gpg linux command for signing the artifact.
Linux command to sign a zip artifact:
gpg --batch --passphrase ' K$7uK_wnwE' --sign abc.zip
Linux command to verify the signed artifact:
gpg --verify abc.zip.gpg
Linux command to remove the sign from artifact and get the original artifact:
gpg --decrypt -o cba.zip abc.zip.gpg
sudhir tatraju
- 93
- 1
- 7
0
For non-Docker artifacts, there isn't such a capability.
Generally, you are able to sign any artifact prior to uploading it to Artifactory, and instruct users how to verify it outside of Artifactory (post download).
Ariel Kabov
- 856
- 4
- 8