Witness lets the user persist command-line flag values in a YAML configuration file that is read whenever Witness is invoked. Any value in the configuration file is overridden by the corresponding command-line flag set on command invocation.

By default, Witness looks for the configuration file at .witness.yaml in the directory from which Witness is invoked. The user can specify a different path using the --config flag.

The schema of the configuration file mirrors the names of the command line flags. For example, the --attestations flag for the run command is set in the configuration file as run.attestations. The --spiffe-socket flag for the sign command is set in the configuration file as sign.spiffe-socket. The full schema is listed below:

run:
    attestations: stringSlice
    certificate: string
    intermediates: stringSlice
    key: string
    outfile: string
    rekor-server: string
    spiffe-socket: string
    step: string
    trace: bool
    workingdir: string
sign:
    certificate: string
    datatype: string
    intermediates: stringSlice
    key: string
    outfile: string
    spiffe-socket: string
verify:
    artifactfile: string
    artifacthash: string
    attestations: stringSlice
    publickey: string
    policy: string
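
The precedence rule and schema above can be checked before a pipeline runs. The following is an added example, not Witness's own code: Resolve is a hypothetical helper that rejects keys or value types not in the schema and then applies command-line flags over the file's values. It assumes the file has already been decoded into Go values (string, bool, []string) and that the last schema group belongs to Witness's verify command; rejecting unknown keys is this example's choice, not documented Witness behaviour.

```go
package main

import "fmt"

// Schema from this page: command -> key -> type name.
var schema = map[string]map[string]string{
	"run": {"attestations": "stringSlice", "certificate": "string", "intermediates": "stringSlice",
		"key": "string", "outfile": "string", "rekor-server": "string", "spiffe-socket": "string",
		"step": "string", "trace": "bool", "workingdir": "string"},
	"sign": {"certificate": "string", "datatype": "string", "intermediates": "stringSlice",
		"key": "string", "outfile": "string", "spiffe-socket": "string"},
	"verify": {"artifactfile": "string", "artifacthash": "string", "attestations": "stringSlice",
		"publickey": "string", "policy": "string"},
}

// goType maps the page's type names to the Go type a decoded value must have.
var goType = map[string]string{"string": "string", "bool": "bool", "stringSlice": "[]string"}

// Resolve (hypothetical helper) checks the config section for cmd and the flags
// set on the command line against the schema, then lets the flags override.
func Resolve(cmd string, cfg map[string]map[string]any, flags map[string]any) (map[string]any, error) {
	keys, known := schema[cmd]
	if !known {
		return nil, fmt.Errorf("unknown command %q", cmd)
	}
	out := map[string]any{}
	for _, layer := range []map[string]any{cfg[cmd], flags} { // later layer wins
		for k, v := range layer {
			if want, ok := keys[k]; !ok {
				return nil, fmt.Errorf("%s.%s is not in the schema", cmd, k)
			} else if fmt.Sprintf("%T", v) != goType[want] {
				return nil, fmt.Errorf("%s.%s must be %s", cmd, k, want)
			}
			out[k] = v
		}
	}
	return out, nil
}

func main() {
	// Constructed sample standing in for a decoded .witness.yaml and a --step flag.
	cfg := map[string]map[string]any{"run": {"step": "build", "trace": false}}
	fmt.Println(Resolve("run", cfg, map[string]any{"step": "test"}))
}
```

A key placed under the wrong command, such as rekor-server under sign, is reported instead of being carried into the resolved settings.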