You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Next, you need to configure your agents to use the keys you generated. On agents that upload pipelines, add the following to the agent's config file:
```ini
signing-jwks-file=<path to private keyset>
signing-jwks-file=<path to private key set>
signing-jwks-key-id=<the key id you generated earlier>
verification-jwks-file=<path to public keyset>
verification-jwks-file=<path to public key set>
```
This ensures that whenever those agents upload steps to Buildkite, they'll generate signatures using the private key you generated earlier. It also ensures that those agents verify the signatures of any steps they run, using the public key.
Expand DownExpand Up
@@ -133,7 +133,7 @@ buildkite-agent tool sign \
Replacing the following:
-`<token>` with a Buildkite GraphQL token that has the `write_pipelines` scope.
-`<path to signing jwks>` with the path to the private keyset you generated earlier.
-`<path to signing jwks>` with the path to the private key set you generated earlier.
-`<signing key id>` with the key ID from earlier.
-`<org slug>` with the slug of the organization the pipeline is in.
-`<pipeline slug>` with the slug of the pipeline you want to sign.
