2023/06/06 - AWS Signer - 2 new api methods
Changes
AWS Signer is launching Container Image Signing, a new feature that enables you to sign and verify container images. This feature enables you to validate that only container images you approve are used in your enterprise.
sign_payload
Signs a binary payload and returns a signature envelope.
Request Syntax
client.sign_payload(
    profileName='string',
    profileOwner='string',
    payload=b'bytes',
    payloadFormat='string'
)
profileName (string) -- [REQUIRED]
The name of the signing profile.
profileOwner (string) --
The AWS account ID of the profile owner.
payload (bytes) -- [REQUIRED]
Specifies the object digest (hash) to sign.
payloadFormat (string) -- [REQUIRED]
Payload content type.
Return type: dict
Response Syntax
{
    'jobId': 'string',
    'jobOwner': 'string',
    'metadata': {
        'string': 'string'
    },
    'signature': b'bytes'
}
Response Structure
(dict) --
jobId (string) --
Unique identifier of the signing job.
jobOwner (string) --
The AWS account ID of the job owner.
metadata (dict) --
Information including the signing profile ARN and the signing job ID. Clients attach this metadata to signature records, for example, as annotations added to the signature manifest inside an OCI registry.
(string) --
(string) --
signature (bytes) --
A cryptographic signature.
get_revocation_status
Retrieves the revocation status of one or more of the signing profile, signing job, and signing certificate.
Request Syntax
client.get_revocation_status(
    signatureTimestamp=datetime(2015, 1, 1),
    platformId='string',
    profileVersionArn='string',
    jobArn='string',
    certificateHashes=[
        'string',
    ]
)
signatureTimestamp (datetime) -- [REQUIRED]
The timestamp of the signature that validates the profile or job.
platformId (string) -- [REQUIRED]
The ID of a signing platform.
profileVersionArn (string) -- [REQUIRED]
The version of a signing profile.
jobArn (string) -- [REQUIRED]
The ARN of a signing job.
certificateHashes (list) -- [REQUIRED]
A list of composite signed hashes that identify certificates.
A certificate identifier consists of a subject certificate TBS hash (signed by the parent CA) combined with a parent CA TBS hash (signed by the parent CA’s CA). Root certificates are defined as their own CA.
(string) --
Return type: dict
Response Syntax
{
    'revokedEntities': [
        'string',
    ]
}
Response Structure
(dict) --
revokedEntities (list) --
A list of revoked entities (including one or more of the signing profile ARN, signing job ID, and certificate hash) supplied as input to the API.
(string) --
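As an added example (not part of the AWS documentation), the helper below shows one way a verifier could use get_revocation_status as a fail-closed gate: any entry in revokedEntities, or any failure to get an answer, rejects the signature. The names check_revocation and StubSigner, all sample values, and the assumption that the job ID is the last path segment of the job ARN are illustrative.

```python
from datetime import datetime, timezone

def check_revocation(client, signed_at, platform_id, profile_version_arn,
                     job_arn, cert_hashes):
    """Return (ok, reasons); fails closed on any revoked entity or API error."""
    if signed_at.tzinfo is None:  # helper policy: refuse ambiguous instants
        raise ValueError("signatureTimestamp must be timezone-aware")
    try:
        resp = client.get_revocation_status(
            signatureTimestamp=signed_at,
            platformId=platform_id,
            profileVersionArn=profile_version_arn,
            jobArn=job_arn,
            certificateHashes=list(cert_hashes),
        )
    except Exception as exc:  # no answer means no trust
        return False, [f"revocation check failed: {exc}"]
    # Assumption: the job ID is the last path segment of the job ARN.
    job_id = job_arn.rsplit("/", 1)[-1]
    labels = {profile_version_arn: "signing profile",
              job_arn: "signing job", job_id: "signing job"}
    labels.update({h: "certificate" for h in cert_hashes})
    # Entities we cannot map back to an input still count as revoked.
    reasons = [f"{labels.get(e, 'unknown entity')} revoked: {e}"
               for e in resp.get("revokedEntities", [])]
    return (not reasons), reasons


class StubSigner:
    """Constructed stand-in for the Signer client so the example runs offline."""
    def __init__(self, revoked):
        self.revoked = revoked
    def get_revocation_status(self, **kwargs):
        self.last_request = kwargs
        return {"revokedEntities": self.revoked}

# Constructed sample values, not real identifiers.
PROFILE = "arn:aws:signer:us-west-2:111122223333:/signing-profiles/ExampleProfile/EXAMPLEVER"
JOB = "arn:aws:signer:us-west-2:111122223333:/signing-jobs/example-job-id"
CERTS = ["EXAMPLE-LEAF-HASH", "EXAMPLE-ROOT-HASH"]
WHEN = datetime(2023, 6, 6, 12, 0, tzinfo=timezone.utc)
PLATFORM = "EXAMPLE-PLATFORM-ID"
```

With a real client, pass the object returned by boto3's `client('signer')` in place of StubSigner.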