Hi Community~
We are thrilled to announce that our Helm charts are now officially signed! This ensures that our charts come from trusted sources and have not been tampered with, improving the security of your Kubernetes environments.
To sign our Helm charts, we used a GPG key and the helm package --sign command during packaging. The signed charts now have a .prov file generated alongside the packaged chart, which includes the chart and the signature. We also put the public GPG key in the same place as the chart and the provenance file.
To verify our charts, download helm_key.pub from the GitHub release assets and import the public key into your GPG keyring. Then use the helm verify or helm install --verify command to verify the chart's integrity. Check our documentation for detailed instructions.
Thank you for your continued support, and we look forward to providing you with secure and trusted Helm charts for all your Kubernetes applications.
Signed,
DC Clipper team
Yifei Zhang
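
The verification steps described in the announcement, as an added example that is not the project's own script. The chart file name and the fingerprint argument are assumptions: because the public key is published beside the chart, the sketch also compares the key's fingerprint with a value you obtained separately, and it exports the key to the legacy keyring format that Helm reads.

```shell
#!/bin/sh
# Added example, not the project's script. helm_key.pub is the file name from
# the announcement; the chart name and fingerprint are supplied by the caller.
# Usage: verify_chart helm_key.pub <chart>.tgz "<expected fingerprint>"

# Strip spaces and upper-case hex so fingerprints compare reliably.
normalize_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

verify_chart() {
  local key="$1" chart="$2" want_fpr="$3" home got_fpr rc

  # Fail closed: helm verify needs the .prov file next to the package.
  if [ ! -f "$chart" ] || [ ! -f "$chart.prov" ]; then
    echo "missing chart or provenance file: $chart(.prov)" >&2; return 2
  fi
  [ -f "$key" ] || { echo "missing public key: $key" >&2; return 2; }
  [ -n "$want_fpr" ] || { echo "expected fingerprint required" >&2; return 2; }

  # Throwaway keyring, so the verdict depends on this one key only.
  home="$(mktemp -d)" || return 2
  chmod 700 "$home"
  if ! gpg --homedir "$home" --batch --quiet --import "$key"; then
    rm -rf "$home"; return 3
  fi

  # Compare the imported key's fingerprint with the expected value.
  got_fpr="$(gpg --homedir "$home" --batch --with-colons --fingerprint |
    awk -F: '$1 == "fpr" { print $10; exit }')"
  if [ "$got_fpr" != "$(normalize_fpr "$want_fpr")" ]; then
    echo "fingerprint mismatch: got $got_fpr" >&2
    rm -rf "$home"; return 4
  fi

  # GnuPG 2.1+ keeps keys in a keybox file; Helm expects the legacy binary
  # keyring, so export the key before calling helm verify.
  gpg --homedir "$home" --batch --export > "$home/pubring.gpg"
  helm verify --keyring "$home/pubring.gpg" "$chart"
  rc=$?
  rm -rf "$home"
  return "$rc"
}
```

The same exported keyring can be passed to helm install --verify with the --keyring flag.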