Trusting Venafi's Public Key
Table of Contents
Trusting Venafi's Public Key
If you've not already trusted Venafi's public key, you'll receive a warning during deployment when you verify the VSatellite installer. You can avoid that warning by manually trusting Venafi's public key before you begin deployment.
This step is optional, but recommended.
Download and Import Venafi's Key
- Download Venafi's public key.curl -O https://dl.venafi.cloud/vaaskey.pubImport the key into your GPG keyring.gpg --import ./vaaskey.pubSet Ownertrust for Venafi, Inc. to Ultimate.echo -e "trust\n5\ny\n" | gpg --no-tty --command-fd 0 --edit-key "gpg-vaas@venafi.com"Verify the key in your keyring.gpg --list-keysThe result should look similar to the following:/home/edge/.gnupg/pubring.kbx ----------------------------- pub rsa4096 2022-03-18 [SCEA] BA2F4B4442D945F0A2810A686B99EC1CEEE83892 uid [ultimate] Venafi, Inc. <gpg-vaas@venafi.com> sub rsa2048 2022-03-22 [A] sub rsa2048 2022-03-22 [E]
What's Next
Now that you've trusted Venafi's public key, you'll be able to verify the VSatellite installer download when you deploy VSatellites.If you want to download the VSatellite installer and the VSatellite signature file, you can use the following:curl -O https://dl.venafi.cloud/vsatctl && \ curl -O https://dl.venafi.cloud/vsatctl.sigVerifying VSatellite after Download
After you have downloaded the VSatellite installer and the VSatellite signature file as part of the deploying VSatellite steps, you can verify by running the following:gpg --verify vsatctl.sig vsatctlThe result should look similar to the following:gpg: Signature made Thu Jul 27 06:37:24 2023 UTC gpg: using RSA key BA2F4B4442D945F0A2810A686B99EC1CEEE83892 gpg: issuer "gpg-vaas@venafi.com" gpg: Good signature from "Venafi, Inc. <gpg-vaas@venafi.com>" [ultimate]
