Merge ~cjwatson/launchpad-mojo-specs:lp-separate-signing-keys into launchpad-mojo-specs:master
Proposed by
Colin Watson
Status: | Merged |
---|---|
Merged at revision: | 3c8894d58834cad321fee81aefd53e774d6e4624 |
Proposed branch: | ~cjwatson/launchpad-mojo-specs:lp-separate-signing-keys |
Merge into: | launchpad-mojo-specs:master |
Diff against target: |
94 lines (+10/-5) 1 file modified
lp/bundle.yaml (+10/-5) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ines Almeida | Approve | ||
Review via email: mp+455427@code.launchpad.net |
Commit message
lp: Use separate signing client public keys for each publisher
Description of the change
This was a mistake when converting our legacy deployments to charms: each publisher has always had its own client public key authorizing it to use the signing service, which is important because they have access to different sets of keys held there.
I added signing configuration for the copy archive publisher while I was here.
Deploying this also requires making sure that the corresponding private keys are correct in `deploy-secrets`.
To post a comment you must log in.
Makes sense